Slashdot Mirror
Backdoor Found In China-Made US Military Chip?
Hugh Pickens writes "Information Age reports that the Cambridge University researchers have discovered that a microprocessor used by the US military but made in China contains secret remote access capability, a secret 'backdoor' that means it can be shut off or reprogrammed without the user knowing. The 'bug' is in the actual chip itself, rather than the firmware installed on the devices that use it. This means there is no way to fix it than to replace the chip altogether. 'The discovery of a backdoor in a military grade chip raises some serious questions about hardware assurance in the semiconductor industry,' writes Cambridge University researcher Sergei Skorobogatov. 'It also raises some searching questions about the integrity of manufacturers making claims about [the] security of their products without independent testing.' The unnamed chip, which the researchers claim is widely used in military and industrial applications, is 'wide open to intellectual property theft, fraud and reverse engineering of the design to allow the introduction of a backdoor or Trojan', Does this mean that the Chinese have control of our military information infrastructure asks Rupert Goodwins? 'No: it means that one particular chip has an undocumented feature. An unfortunate feature, to be sure, to find in a secure system — but secret ways in have been built into security systems for as long as such systems have existed.'" Even though this story has been blowing-up on Twitter, there are a few caveats. The backdoor doesn't seem to have been confirmed by anyone else, Skorobogatov is a little short on details, and he is trying to sell the scanning technology used to uncover the vulnerability.
It sells...
Even if this case turns out to be a false alarm, allowing a nation that you repeatedly refer to as a 'near-peer competitor' to build parts of your high-tech weaponry is idiotic.
Would somebody please tease out something a little more credible?
"Extraordinary claims require extraordinary evidence..."
From TFA:
Today we released the drafts of our full papers on QVL technology due to accidental publicity, because someone put the link to our very old drafts of abstracts on Reddit.
This is a security guy I would trust, yessir.
Not sure how exciting this is, as they needed physical access to the chip to get anything out of it.
Why would a country not pay (or direct) a company to create products with particular subtle flaws ?
It would cost 1000x more to discover and leverage a known flaw, than to just get an engineer to insert one - with or without the blessing of his management.
The future is not bright.
That entire article reads more like a press release with FUD than anything with any facts.
Which chip?
Which manufacturer?
Which US customer?
No facts and LOTS of claims. It's pure FUD.
(Not that this might not be a real concern. But the first step is getting past the FUD and marketing materials and getting to the real facts.)
Good read. The bottom line apparently hasn't changed: If you allow physical access, security can be compromised.
Sun Tzu said the greatest victory is one which doesn't require a shot. One won by subverting the enemy from within.
What greater subversion can there be than to convince the enemy to hire you to build their weapon's systems components?
Apparently the American Military (and probably that of the rest of the world) hasn't bothered reading any "classic" literature on warfare before signing on the dotted line...
I do not fail; I succeed at finding out what does not work.
So where does the "offtopic" come from?
Probably from the fact it was offtopic.
Fabs are expensive. The latest generation nodes cost billions of dollars to set up and billions more to run. If they aren't cranking chips out 24/7, they're literally costing money. Yes, I know it's hte military, but I'm sure people have a hard time justifying $10B every few years just to fab a few chips. One of the biggest developments in the 90s was the development of foundries that let anyone with a few tens of millions get in the game of producing chips rather than requiring billions in startup costs. Hence the startup of tons of fabless companies selling chips.
OK, another option is to buy a cheap obsolete fab and make chips that way - much cheaper to run, but we're also talking maybe 10+ year old technology, at which point the chips are going to be slower and take more power.
Also, building your own computer from the ground up is expensive - either you buy the designs of your servers from say, Intel, or design your own. If you buy it, it'll be expensive and probably require your fab to be upgraded (or you get stuck with an old design - e.g., Pentium (the original) - which Intel bought back from the DoD because the DoD had been debugging it over the decade). If you went with the older cheaper fab, the design has to be modified to support that technology (you cannot just take a design and run with it - you have to adapt your chip to the foundry you use).
If you roll your own, that becomes a support nightmare because now no one knows the system.
And on the taxpayer side - I'm sure everyone will question why youre spending billions running a fab that's only used at 10% capacity - unless you want the DoD getting into the foundry business with its own issues.
Or, why is the military spending so much money designing and running its own computer architecture and support services when they could buy much cheaper machines from Dell and run Linux on them?
Hell, even if the DoD had budget for that, some bean counter will probalby do the same so they can save money from one side and use it to buy more fighter jets or something.
30+ years ago, defense spending on electronics formed a huge part of the overall electronics spending. These days, defense spending is but a small fraction - it's far more lucrative to go after the consumer market than the military - they just don't have the economic clout they once had. End result is the miliary is forced to buy COTS ICs, or face stuff like a $0.50 chip costing easily $50 or more for same just because the military is a bit-player for semiconductors.
In other news, voters clamor for an efficient government, but then are shocked when the government sources contracts to the lowest bidder.
*facepalm* Either pay for an expensive, inefficient government that props up corporations solely so that it has a national source for everything military, or shut the fuck up and pay China for its cheap crap.
Those who can, do. Those who can't, sue.
These fabrication centers WERE running full time. Think about it, every radio, every o-scope, every computer that is not connected to the public internet, were all made right here in the U.S. At one of my duty stations, we had a server the size of 3 refrigerators that was fabricated in 1992. We used it as our backup server/router/gateway. All you had to do was turn on a switch and it did everything that we needed it to do. Plus we knew that there were no Chinese surprises in it.
They never ran their own computer architecture, in the late 80's and early 90's they were all SPARC-style computers with Solaris loaded on them (I believe they paid licensing fees, but don't quote me on that). Yes, some of those computers are still in use because they have been running for 15+ years. I know of a few that haven't even been rebooted since they were turned on in 1995. Most field systems (shelters on the back of a vehicle) still use these computers.
Also to consider, for performing the tasks a tactical field system needs to, they do not need a 8-core processor with 64GB of RAM and 4 GB of video memory. They need something that is rugged and can operate in 100+ degree environments while covered in sand (Air conditioners break all the time when it is hot as hell).
When I was in Iraq, the only things that broke were our Dell POS computers. I remember one time we had the SPARC machines running in a shelter with no air conditioning (except for the table fan I grabbed from my room). It was 130+ in that shelter and they ran just fine for the 3 hours it took to find a working AC. That's the kind of computers they need, and if it takes a few billion to put those in essential systems, I have no problem with it. Better than the other BS the government spends their money on.
sudo make me a sandwich
The so called "back door" can only be accessed through the JTAG port as well, so unless the military installed a JTAG bridge to communicate to the outside world and left it there, well then the "backdoor" is rather useless.
With pin access to the FPGA it's trivial to hook it up, no bridges or transceivers needed. If it's a BGA then get a breakout/riser board that provides pin access. This is off-the-shelf stuff. This means if the Chinese military gets their hands on the hardware they can reverse engineer it. They won't have to lean very hard on the manufacturer for them to cough up every last detail. In China you just don't say no to such requests if you know what's good for you and your business.
This is a physical-access backdoor. You have to have your hands on the hardware to be able to use JTAG. It's not a "remote kill switch" driven by a magic data trigger, it's a mechanism that requires use of a special connector on the circuit board to connect to a dedicated JTAG port that is simply neither used nor accessible in anything resembling normal operation.
Surreptitiously modifying a system in place through the JTAG port is possible, but less of a threat: the adversary would have to get access to the system and then return it without anyone noticing.
As someone else mentioned in another post, physical access can be a bit of a misnomer. Technically all that is required is for a computer to be connected via the JTAG interface in order to exploit this. This might be a diagnostic computer for example. If that diagnostic computer were to be infected with a targeted payload, there is your physical access.
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables