Malware, Vulnerability Management

Military chip’s backdoor flaw poses national security questions

A hardware defect found in a Chinese-manufactured silicon chip used by the U.S. government could give attackers a way to tamper with sensitive applications connected to national security, experts say.

Researchers at the University of Cambridge in the U.K. came across a secret access point in a field-programmable gate array (FPGA), a semiconductor device that can be configured by its users to add custom functionality.

A Google search reveals that the chip in question, the Actel ProASIC3 (AP3), which is manufactured by California-based defense contractor Microsemi, are used by the military and other industries in sensitive applications, including weapons, flight controls, power distribution, and nuclear power plants, according to a study released by researchers at the university.

“This backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems,” Sergei Skorobogatov, a University of Cambridge researcher and co-author of the study, wrote in a Tuesday blog post. “The scale and range of possible attacks [have] huge implications for national security and public infrastructure.”

According the study, while software vulnerabilities can be easily addressed by issuing a patch, hardware defects are not as easily fixable -- and are much more costly.

“If the hardware has a vulnerability, then all the energy in defending at the software level is redundant,” he wrote. “An effort must be made to defend and detect at the hardware level for a more comprehensive strategy.”

Although the study alludes to the backdoor being intentionally implemented, there is no evidence that points to malicious intent, Robert Graham, CEO of Errata Security, wrote in a blog post.

While there's no negating a backdoor was found in a commonly used chip, Graham cites numerous holes in the study, including the fact that it only offers “speculation” and no actual clues that hint to cyber espionage efforts by the Chinese.

“The Chinese might subvert FPGAs so that they could later steal intellectual property written to the chips, but the idea that they went through all of this to attack the U.S. military is pretty fanciful,” he wrote.

A Microsemi spokesperson could not be reached for comment by SCMagazine.com.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.