[Noisebridge-discuss] /.: Backdoor Found In China-Made US Military Chip?

John Ellis neurofog at gmail.com
Tue May 29 18:15:44 UTC 2012


It appears to be a manufacturer inserted feature, as part of protection for
FPGA loaded firmware / bit-mask code.

"Bogus story: no Chinese backdoor in military chip
Today's big news is that researchers have found proof of Chinese
manufacturers putting backdoors in American chips that the military uses.
This is false. While they did find a backdoor in a popular FPGA chip, there
is no evidence the Chinese put it there, or even that it was intentionally
malicious."

http://erratasec.blogspot.com/2012/05/bogus-story-no-chinese-backdoor-in.html

-John

On Tue, May 29, 2012 at 8:53 AM, Felipe Sanches <juca at members.fsf.org>wrote:

>  Backdoor Found In China-Made US Military Chip?<http://it.slashdot.org/story/12/05/28/1454222/backdoor-found-in-china-made-us-military-chip>
> Posted by samzenpus <samzenpus at slashdot.org> on Monday May 28, @01:25PM
> from the protect-ya-neck dept.
>  Hugh Pickens <http://honorponcacity.com/> writes *"Information Age
> reports that the Cambridge University researchers have discovered that a
> microprocessor used by the US military but made in China contains secret
> remote access capability<http://www.information-age.com/channels/security-and-continuity/news/2105468/security-backdoor-found-in-chinamade-us-military-chip.thtml>,
> a secret 'backdoor' that means it can be shut off or reprogrammed without
> the user knowing. The 'bug' is in the actual chip itself, rather than the
> firmware installed on the devices that use it. This means there is no way
> to fix it than to replace the chip altogether. 'The discovery of a backdoor
> in a military grade chip raises some serious questions about hardware
> assurance in the semiconductor industry,' writes Cambridge University
> researcher Sergei Skorobogatov. 'It also raises some searching questions
> about the integrity of manufacturers making claims about [the] security of
> their products without independent testing.' The unnamed chip, which the
> researchers claim is widely used in military and industrial applications,
> is 'wide open to intellectual property theft, fraud and reverse engineering
> of the design to allow the introduction of a backdoor or Trojan<https://www.cl.cam.ac.uk/%7Esps32/sec_news.html#Assurance>',
> Does this mean that the Chinese have control of our military information
> infrastructure asks Rupert Goodwins? 'No: it means that one particular chip
> has an undocumented feature. An unfortunate feature, to be sure, to find in
> a secure system — but secret ways in have been built into security systems<http://www.zdnet.co.uk/news/security-threats/2012/05/28/the-secrets-out-for-secure-chip-design-40155296/>for as long as such systems have existed.'"
> *
>
> Even though this story has been blowing-up on Twitter, there are a few
> caveats. The backdoor doesn't seem to have been confirmed by anyone else,
> Skorobogatov is a little short on details, and he is trying to sell the
> scanning technology used to uncover the vulnerability.
>
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.noisebridge.net/pipermail/noisebridge-discuss/attachments/20120529/ad93f76b/attachment-0001.html>


More information about the Noisebridge-discuss mailing list