SUGGESTIONS THAT China is intentionally putting backdoors in computer chips used by the US military have been disputed by a security expert.
Security researcher Sergei Skorobogatov at Cambridge University reported that he found a backdoor in a commercial, encrypted military chip (Microsemi/Actel ProASIC3), and warned of terrifying implications.
"We scanned the silicon chip in an affordable time and found a previously unknown backdoor inserted by the manufacturer. This backdoor has a key, which we were able to extract. If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key," he wrote.
"This particular chip is prevalent in many systems from weapons, nuclear power plants to public transport. In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems. The scale and range of possible attacks has huge implications for National Security and public infrastructure."
This warning follows reports about Flame, another Stuxnet like weapon that is being discussed in security blogs. However, while that is being widely accepted as a real threat produced by some government intelligence agency, the same cannot be said of the backdoor in the chip.
Robert David Graham writing at the Errata Security blog dismissed talk about a severe vulnerability, explaining that what was found in the chip is nothing out of the ordinary.
"While they did find a backdoor in a popular FPGA chip, there is no evidence the Chinese put it there, or even that it was intentionally malicious. Backdoors are common, but rarely malicious," he said. "The military uses a lot of commercial, off-the-shelf products. That doesn't mean there is anything special about it."
However, he did concede that there is some kind of security threat here, if some tweaks were made to the hardware. "The Chinese might subvert FPGAs so that they could later steal intellectual-property written to the chips," he added, "but the idea they went through all this to attack the US military is pretty fanciful." µ
No, it's not called Jeeves
Processor addresses huge volume of video-related traffic
Our pick of 2016's best budget smartphones so far
Manual camera controls, user accounts, Apple Pay improvements and more