A new discovery has been made by a Cambridge University researcher that a chip used by the US military features a security backdoor which could have massive implications on on national security. The chip, which was built in China, cannot simply be reprogrammed as the security backdoor is physically present on the silicon.
Sergei Skorobogatov of Quo Vadis Labs at Cambridge University said:
Our aim was to perform advanced code breaking and to see if there were any unexpected features on the (US Military) chip. We scanned the silicon chip in an affordable time and found a previously unknown backdoor inserted by the manufacturer. This backdoor has a key, which we were able to extract. If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key. This particular chip is prevalent in many systems from weapons, nuclear power plants to public transport. In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems. The scale and range of possible attacks has huge implications for National Security and public infrastructure.
Now, let's be fair: it isn't a sure thing that the backdoor was introduced by the Chinese. It's more probable that the backdoor was present in the original design as a debugging tool for the designer. This is a common practice and these backdoors are often present and not malicious. As such it is unlikely that it was put in by the Chinese.
Skorobogatov thinks his discovery illustrates a big problem in chip manufacture: "The discovery of a backdoor in a military grade chip raises some serious questions about hardware assurance in the semiconductor industry." It's likely being attributed to the Chinese in the wake of the Flame malware that came to light yesterday. Hopefully the company behind the chip will issue a statement that it was part of the original design.
Further Reading: Read and find more Hacking & Security news at our Hacking & Security news index page.