Tuesday, May 29, 2012

UK researchers discover backdoor in American military chip


UK researchers discover backdoor in American military chip

Image001

Amy Walters/Shutterstock.com

 

U.K.-based security researchers have found a backdoor that was “deliberately” inserted into an American military chip to help attackers gain unauthorized access and reprogram its memory, according to a draft research paper.

Sergei Skorobogatov, a researcher at Cambridge University, discovered that a military-grade silicon device made by California-based Microsemi Corp., the ProASIC3 A3P250, contained a glitch that would allow individuals to remotely tweak its functions. “This permits a new and disturbing possibility of a large scale Stuxnet-type attack via a network or the Internet on the silicon itself,” the paper suggests. The Stuxnet worm, discovered in 2010, targets industrial systems.

Skorobogatov, collaborating with a researcher at U.K.-based Quo Vadis Labs, which researches sensor technology, found “proof that the backdoor was deliberately inserted and even used as a part of the overall security scheme.” The duo did not disclose details, citing a “confidentiality agreement.”

The backdoor is “close to impossible to fix on chips already deployed” because software patches can’t fix the bugs. The security holes can only be removed by removing all such chips installed in systems, the duo noted.

Microsemi’s aggregate net sales to defense and security users represented approximately 29 percent of total net sales in 2012, according to its most recent quarterly regulatory filing. The device in question is “heavily marketed to the military and industry,” the draft report states.

A Microsemi spokesperson did not respond to a request for comment.

The research duo's full findings will be presented at a conference in Belgium in September, Skorobogatov said in an email to Nextgov.

(Image via Amy Walters/Shutterstock.com /Shutterstock.com)

__._,_.___

No comments:

Post a Comment