Slashdot Mirror

← Back to Stories (view on slashdot.org)

Backdoor Found In China-Made US Military Chip?

Posted by samzenpus on from the protect-ya-neck dept.

Hugh Pickens writes "Information Age reports that the Cambridge University researchers have discovered that a microprocessor used by the US military but made in China contains secret remote access capability, a secret 'backdoor' that means it can be shut off or reprogrammed without the user knowing. The 'bug' is in the actual chip itself, rather than the firmware installed on the devices that use it. This means there is no way to fix it than to replace the chip altogether. 'The discovery of a backdoor in a military grade chip raises some serious questions about hardware assurance in the semiconductor industry,' writes Cambridge University researcher Sergei Skorobogatov. 'It also raises some searching questions about the integrity of manufacturers making claims about [the] security of their products without independent testing.' The unnamed chip, which the researchers claim is widely used in military and industrial applications, is 'wide open to intellectual property theft, fraud and reverse engineering of the design to allow the introduction of a backdoor or Trojan', Does this mean that the Chinese have control of our military information infrastructure asks Rupert Goodwins? 'No: it means that one particular chip has an undocumented feature. An unfortunate feature, to be sure, to find in a secure system — but secret ways in have been built into security systems for as long as such systems have existed.'" Even though this story has been blowing-up on Twitter, there are a few caveats. The backdoor doesn't seem to have been confirmed by anyone else, Skorobogatov is a little short on details, and he is trying to sell the scanning technology used to uncover the vulnerability.

8 of 270 comments (clear)

  1. Fear mongering by jhoegl · · Score: 5, Insightful

    It sells...

  2. What did the military expect? by runeghost · · Score: 5, Insightful

    Even if this case turns out to be a false alarm, allowing a nation that you repeatedly refer to as a 'near-peer competitor' to build parts of your high-tech weaponry is idiotic.

    1. Re:What did the military expect? by Electricity+Likes+Me · · Score: 5, Insightful

      Seriously.

      Isn't military production capability the one thing you specifically never ever want to outsource, especially when it's to the people you keep simulating wars with.

    2. Re:What did the military expect? by Jawnn · · Score: 5, Insightful

      Seriously.

      Isn't military production capability the one thing you specifically never ever want to outsource, especially when it's to the people you keep simulating wars with.

      Well..., no. Not if your primary aim is profit. Fuck national security. If your corporation can make a buck selling "defense technology", and it can make 1.5 bucks selling defense technology using cheap offshore parts, you use the cheap offshore parts. Dealing with bad PR like this is what lobbyists are for.

    3. Re:What did the military expect? by vlm · · Score: 5, Insightful

      I can't imagine them selling fighter planes to Saudi Arabia and not putting in a kill switch.

      Its called the spare parts stream. How long did it take Iran's F-14s to completely break down, even with extensive conservation, cannibalization, and duct-tape fixes?

      Also the training/support stream. There's a certain small size where you can afford internal low, maybe even mid level operational support, but can't afford to train new techs/mechanics... If you had the internal resources to run a high level training facility, you would be in the arms dealing business making your own aircraft, not buying someone elses airplane.

      This is not limited to high tech aviation. Lets say I give you a M-16. Oh, you'd like ammo too, well we can make a separate yearly deal for that. Oh and you say you're not a gunsmith, well we can make a deal for that too. Oh you don't know how to use it, lets make a deal for some instructors. Your cam pin snapped and the highest tech metal working facility you have is a blacksmiths anvil, well we can make a deal for spare parts too. Suddenly that "free" M-16 is terribly expensive.

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
  3. Particularly in a press release like that. by khasim · · Score: 5, Insightful

    That entire article reads more like a press release with FUD than anything with any facts.

    Which chip?
    Which manufacturer?
    Which US customer?

    No facts and LOTS of claims. It's pure FUD.

    (Not that this might not be a real concern. But the first step is getting past the FUD and marketing materials and getting to the real facts.)

    1. Re:Particularly in a press release like that. by TheDarkMaster · · Score: 5, Insightful

      Take it easy. I assume if the researcher openly say exactly what chip and where exactly is the backdoor, then the military would be REALLY in trouble. So it may still be FUD, but caution never killed anyone.

      --
      Religion: The greatest weapon of mass destruction of all time
    2. Re:Particularly in a press release like that. by colinrichardday · · Score: 5, Insightful

      Suing is easy, just file in the appropriate court. The hard part is winning, or even getting a judge to let you proceed.