6502.org Forum  Projects  Code  Documents  Tools  Forum
It is currently Sat Nov 23, 2024 10:40 pm

All times are UTC




Post new topic Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Fri Jun 01, 2012 12:44 pm 
Offline

Joined: Wed May 20, 2009 1:06 pm
Posts: 491
Researchers at the Cambridge University has discovered a secret back-door in American military chips manufactured in China.

"The backdoor was found to exist on the silicon itself, it was not present in any firmware loaded onto the chip. Using Pipeline Emission Analysis (PEA), a technique pioneered by QVL we were able to extract the secret key to activate the backdoor. This way an attacker can disable all the security on the chip, reprogram the AES key, access unencrypted configuration bitstream or permanently damage the device. Clearly this means the device is wide open to intellectual property theft, fraud, re-programming and reverse engineering of the design to allow the introduction of a new backdoor or Trojan. Most disturbingly, it is not possible to patch the backdoor in chips already deployed which means those using this type of chip have to live with the fact it can be easily compromised or they will have to be physically replaced after a redesign of the silicon itself." http://www.cl.cam.ac.uk/~sps32/sec_news.html#Assurance

Trojans and worms are very suitable to exploit back-doors like this, and maybe it has already happened? In 2010, the worm Stuxnet (Link) targeted with marksman's precision certain Siemens industrial equipment in Iran (read: that the centrifuges used to process nuclear fuel), in a way that most experts agree could only happen with nation-state support, and the US and/or Israel are high up on the list of suspects. In 2007, Israel made an air assault on targets in north-eastern parts of Syria. What was a bit "peculiar" about this, was how the Syrian state-of-the-art Radar System went down prior to the attack and could not warn about the attack. It wasn't long before military and technology bloggers concluded that this was an incident of electronic warfare - and not just any kind. Post after post speculated that the commercial off-the-shelf microprocessors in the Syrian radar might have been purposely fabricated with a hidden ”backdoor” inside. By sending a preprogrammed code to those chips, an unknown antagonist had disrupted the chips' function and temporarily blocked the radar.

http://spectrum.ieee.org/semiconductors ... ill-switch

Question is who put in those back-doors? China? The US? The chip designers on their own initiatives? 99% of all CPU's are manufactured in China, but mostly they are designed and ordered by US (or other western) corporations, like Intel, AMD, TI, Apple, etc. Pentagon alone buys about 1% of the worlds entire processor production. And as mentioned above, US/Israel can have used those back-doors already. On the other hand, another peculiar event was when Iran hacked a US stealth drone and managed to land it safely and take it into their possession(http://www.wired.com/dangerroom/2011/12 ... -hack-gps/), and many speculations about this suggests involvement/help from China in order to accomplish this.

Anyway, no matter who put in those back-doors, they go both ways; now when they are known they can be used by anyone with the appropriate know-how...


This blog has a lot of information on the discussion:
http://www.cl.cam.ac.uk/~sps32/

Quote:
Kamlyuk said Flame can copy and steal data and audio files, turn on a computer microphone and record all the sounds in its vicinity, take screen shots, read documents and emails, and capture passwords and logins.

The program can communicate with other computers in its radius via the infected computer's Bluetooth capability and locate their whereabouts even without an Internet connection, he said.


http://www.latimes.com/news/nationworld ... 6511.story


Top
 Profile  
Reply with quote  
PostPosted: Fri Jun 01, 2012 1:44 pm 
Offline
User avatar

Joined: Thu Dec 11, 2008 1:28 pm
Posts: 10986
Location: England
That was interesting research, but the actual finding was a second key for Actel's use. So the FPGA design which is supposedly only available to the customer with their key is actually not so well-protected, especially as the second key can be recovered and is the same for all devices.

Good research but sensationally presented. No China angle. (There's an ambiguity as to whether China is meant to include Taiwan, and another ambiguity as to whether manufacturer is meant to mean Actel or the chip foundry.)

Cheers
Ed

Edit: it seems Microsemi bought (this part of?) Actel's business.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC


Who is online

Users browsing this forum: No registered users and 16 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to: