It appears to be a manufacturer inserted feature, as part of protection for FPGA loaded firmware / bit-mask code. <br><br>"Bogus story: no Chinese backdoor in military chip<div>Today's big news is that researchers have found proof of Chinese manufacturers putting backdoors in American chips that the military uses. This is false. While they did find a backdoor in a popular FPGA chip, there is no evidence the Chinese put it there, or even that it was intentionally malicious."</div>
<div><br></div><div><a href="http://erratasec.blogspot.com/2012/05/bogus-story-no-chinese-backdoor-in.html">http://erratasec.blogspot.com/2012/05/bogus-story-no-chinese-backdoor-in.html</a></div><div><br></div><div>-John</div>
<div><br></div><div class="gmail_quote">On Tue, May 29, 2012 at 8:53 AM, Felipe Sanches <span dir="ltr"><<a href="mailto:juca@members.fsf.org" target="_blank">juca@members.fsf.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<h2>
<span> <a href="http://it.slashdot.org/story/12/05/28/1454222/backdoor-found-in-china-made-us-military-chip" target="_blank">Backdoor Found In China-Made US Military Chip?</a></span>
</h2>
<div>
Posted
by
<a href="mailto:samzenpus@slashdot.org" rel="nofollow" target="_blank">samzenpus</a>
on Monday May 28, @01:25PM
<br>from the protect-ya-neck dept.
</div>
<div>
<div>
<a href="http://honorponcacity.com/" rel="nofollow" target="_blank">Hugh Pickens</a> writes <i>"Information
Age reports that the Cambridge University researchers have discovered
that a microprocessor used by the US military but <a href="http://www.information-age.com/channels/security-and-continuity/news/2105468/security-backdoor-found-in-chinamade-us-military-chip.thtml" target="_blank">made in China contains secret remote access capability</a>,
a secret 'backdoor' that means it can be shut off or reprogrammed
without the user knowing. The 'bug' is in the actual chip itself, rather
than the firmware installed on the devices that use it. This means
there is no way to fix it than to replace the chip altogether. 'The
discovery of a backdoor in a military grade chip raises some serious
questions about hardware assurance in the semiconductor industry,'
writes Cambridge University researcher Sergei Skorobogatov. 'It also
raises some searching questions about the integrity of manufacturers
making claims about [the] security of their products without independent
testing.' The unnamed chip, which the researchers claim is widely used
in military and industrial applications, is 'wide open to intellectual
property theft, fraud and reverse engineering of the design to <a href="https://www.cl.cam.ac.uk/%7Esps32/sec_news.html#Assurance" target="_blank">allow the introduction of a backdoor or Trojan</a>',
Does this mean that the Chinese have control of our military
information infrastructure asks Rupert Goodwins? 'No: it means that one
particular chip has an undocumented feature. An unfortunate feature, to
be sure, to find in a secure system — but <a href="http://www.zdnet.co.uk/news/security-threats/2012/05/28/the-secrets-out-for-secure-chip-design-40155296/" target="_blank">secret ways in have been built into security systems</a> for as long as such systems have existed.'"</i>
<br><br>Even though this story has been blowing-up on Twitter, there are a few
caveats. The backdoor doesn't seem to have been confirmed by anyone
else, Skorobogatov is a little short on details, and he is trying to
sell the scanning technology used to uncover the vulnerability.</div>
</div>
<br>_______________________________________________<br>
Noisebridge-discuss mailing list<br>
<a href="mailto:Noisebridge-discuss@lists.noisebridge.net">Noisebridge-discuss@lists.noisebridge.net</a><br>
<a href="https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss" target="_blank">https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss</a><br>
<br></blockquote></div><br>