(Translated from the original Italian)
During last few days an incident in the news has circulated on internet about a microchip used by the US military and manufactured in China that contains a secret "backdoor" that makes possible remote control of devices utilizing it.
The disclosure is attributed to a Cambridge University Computing Laboratory, and it’s clear the media impact from similar news in the security environment that created a grave concern given the overwhelming problem of qualification of hardware with particular reference to the military.
The researcher at Cambridge University, Sergei Skorobogatov, wrote in a draft document that the chip is being used in military and industrial applications.
Skorobogatov declared that a backdoor has been discovered during testing of a new technique to extract an encryption key from chip, a technique developed by a spin-off Quo Vadis Labs.
The existence of a backdoor could expose systems to serious risks from theft of intellectual property, and the victims and could be under threat a complete control of the devices at the hands of attackers.
The researcher is convinced of the backdoor existence as part of the chip, and that it isn't related to the firmware. Skorobogatov wrote:
"The discovery of a backdoor in a military grade chip raises some serious questions about hardware assurance in the semiconductor industry,"
A different view has been provided by Robert Graham, U.S. security consultant at Errata Security, who has declared that the discovered bug hasn't a malicious purpose, and that it is merely an entry point installed by the manufacturer for debugging operations.
"It's remotely possible that the Chinese manufacturer added the functionality, but highly improbable. It's prohibitively difficult to change a chip design to add functionality of this complexity."
Graham added that regardless, the presence of a backdoor could pose a security threat:
"It not only allows the original manufacturer to steal intellectual-property, but any other secrets you tried to protect with the original [encryption] key."
Graham argues that the presence of backdoors is widespread, with about 20% of home routers and around 50% of industrial control computers having backdoors. Not all backdoors of course have a malicious purpose, and in many cases they are used to debug software and firmware contained in the products.
Graham added that chip designers construct a chip from building-blocks, including a module with a debugging functionality such as JTAG. Many commercial products also include the famous module for chip debugging.
(click image to enlarge)
The expert says that companies should disable the debug feature in the final version, but usually they don't do it due to the great expense to the design of the chip, so they leave the JTAG interface enabled but not connected to the pins or they don't route to the pins on the circuit board.
The chip in question (Microsemi/Actel ProASIC3) is a typical FPGA – a chip with a blank array of gates that can be programmed to emulate almost any other kind of chip. The general purpose FPGA are cheapest among real silicon chips, so they are widely used.
It is clear of the importance of devoting attention to hardware devices in a more advanced technology scenario. Microcircuits and firmware are present in every device around us, from the control of our cars to satellite communications systems. Each product requires careful analysis and qualification of the manufacturing processes that accompany it.
The ability to manage every aspect of what we have described must be part of a cyber strategy that each country must deploy, and that is the only way to guarantee satisfactory security levels.
In the meantime, let's wait for the final response of the Microsemi/Actel firm.
Cross-posted from Security Affairs