[Noisebridge-discuss] /.: Backdoor Found In China-Made US Military Chip?
juca at members.fsf.org
Tue May 29 08:53:56 PDT 2012
Backdoor Found In China-Made US Military
Posted by samzenpus <samzenpus at slashdot.org> on Monday May 28, @01:25PM
from the protect-ya-neck dept.
Hugh Pickens <http://honorponcacity.com/> writes *"Information Age reports
that the Cambridge University researchers have discovered that a
microprocessor used by the US military but made in China contains secret
remote access capability<http://www.information-age.com/channels/security-and-continuity/news/2105468/security-backdoor-found-in-chinamade-us-military-chip.thtml>,
a secret 'backdoor' that means it can be shut off or reprogrammed without
the user knowing. The 'bug' is in the actual chip itself, rather than the
firmware installed on the devices that use it. This means there is no way
to fix it than to replace the chip altogether. 'The discovery of a backdoor
in a military grade chip raises some serious questions about hardware
assurance in the semiconductor industry,' writes Cambridge University
researcher Sergei Skorobogatov. 'It also raises some searching questions
about the integrity of manufacturers making claims about [the] security of
their products without independent testing.' The unnamed chip, which the
researchers claim is widely used in military and industrial applications,
is 'wide open to intellectual property theft, fraud and reverse engineering
of the design to allow the introduction of a backdoor or
Does this mean that the Chinese have control of our military information
infrastructure asks Rupert Goodwins? 'No: it means that one particular chip
has an undocumented feature. An unfortunate feature, to be sure, to find in
a secure system — but secret ways in have been built into security
as long as such systems have existed.'"
Even though this story has been blowing-up on Twitter, there are a few
caveats. The backdoor doesn't seem to have been confirmed by anyone else,
Skorobogatov is a little short on details, and he is trying to sell the
scanning technology used to uncover the vulnerability.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Noisebridge-discuss