Researchers find vulnerability that could allow spying in Chinese chips used by US army [Updated]

Researchers find vulnerability that could allow spying in Chinese chips used by US army [Updated]

A team of researchers from Cambridge University say they have found evidence that a Chinese-manufactured chip used by US armed forces contains a secret access point that could leave it vulnerable to third party tampering.

The researchers tested an unspecified US military chip — used in weapons, nuclear power plants to public transport — and found that a previously unknown ‘backdoor’ access point had been added, making systems and hardware open to attack, the team says.

Updated below.

Cambridge University researcher, Sergei Skorobogatov, explains:

We scanned the silicon chip in an affordable time and found a previously unknown backdoor inserted by the manufacturer. This backdoor has a key, which we were able to extract. If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key.

This particular chip is prevalent in many systems from weapons, nuclear power plants to public transport. In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems. The scale and range of possible attacks has huge implications for National Security and public infrastructure.

While the initial research is a concern, a number of question marks remain over the findings before further conclusions can be drawn.

It is unclear if the access point is isolated to the chip that was tested or whether Skorobogatov and his colleagues have stumbled upon a larger trend. Likewise, it remains possible that the modified back door access could have been created by the US armed forces themselves.

The news comes at a time when Chinese cyber-spying threats are a particular concern. Chinese telecom manufacturers ZTE and Huawei are already under investigation from the US government, which is assessing whether the duo’s telecom businesses pose a national security threat.

The Cambridge researchers did not name the company that developed the chip tested, nor did they provide more specific details of its usage. We’ve contacted Skorobogatov for further details and will provide any more information that we’re given.

Hat tip Paul Denlinger, Bill Bishop via Twitter

Further reading, the issue is being discussed in this interesting thread on Hacker News

Update: Cyber security specialist Errata Security has poured cold water on the Cambridge team’s conclusions, in a blog post that includes the following:

Today’s big news is that researchers have found proof of Chinese manufacturers putting backdoors in American chips that the military uses. This is false. While they did find a backdoor in a popular FPGA chip, there is no evidence the Chinese put it there, or even that it was intentionally malicious.

It’s important to note that while the researchers did indeed discover a backdoor, they offer only speculation, but no evidence, as to the source of the backdoor. As somebody with a lot of experience with this sort of thing in software cybersecurity, I doubt there is anything malicious behind it.

It’s also important to note that the issue is “intellectual property protection” in FPGAs; the “military security” angle is really distant. The Chinese might subvert FPGAs so that they could later steal intellectual-property written to the chips, but the idea they went through all this to attack the US military is pretty fanciful.

Read next: India's leading operator Bharti Airtel unveils mobile advertising service