Report: Hackers could access US weapons systems through vulnerable chip
A pair of cybersecurity researchers say an encrypted chip used by the military and nuclear power plants has a secret 'backdoor' that can be hacked. It could be a wakeup call for the industry.
(Page 2 of 3)
Once inside the chip's backdoor, the potential for mischief is significant. The chip can be reprogrammed to do anything the attacker wants it to do, including erase itself or divulge information like classified algorithms for targeting, flight control, and other systems, the researchers say. Moreover, successful attackers would have access to proprietary secrets behind the chip's design.
Skip to next paragraph
Subscribe Today to the Monitor
"This means the device is wide open to intellectual property theft, fraud, re-programming as well as reverse engineering of the design which allows the introduction of a new backdoor or Trojan," writes Mr. Skorobogatov and fellow Cambridge researcher Christopher Woods in their paper.
Concern about kill switches
These are some of the concerns that have led the Pentagon and intelligence agencies to accelerate the development of tools that can scrutinize chips for signs of intentionally built-in microscopic vulnerabilities. A kill-switch, for example, could allow an adversary to send a command that could cause a critical failure on a computer controlled weapon system like a jet fighter, these experts say.
"There's a lot of concern within the US military and intelligence agencies that people, other governments, could be putting into these chips not just backdoors, but kill switches that are extremely difficult to detect," says David Adler, president of DLA Instruments Corp. of San Jose, Calif., which is assisting the Pentagon in its efforts to detect microscopic tampering.
The concern spreads beyond the military. The chips are also used widely in nuclear power plants, power distribution, aerospace, aviation, public transport, and automotive products, and the discovery could pave the way for cyberattacks on vital infrastructure.
"This permits a new and disturbing possibility of a large scale Stuxnet-type attack via a network or the Internet on the silicon itself," the Cambridge researchers write, referring to a now notorious cybersabotage attack on centrifuge systems inside Iran's nuclear fuel-enrichment facility – an attack recently identified as the handiwork of the US and Israel.
"To our knowledge, this is the first documented case of finding a deliberately inserted backdoor in a real world chip," the researchers state.
Chipmaker's response
The chip's maker, Actel, now a subsidiary of Irvine, Calif.-based Microsemi Corp., disputes the researchers' claim, saying there is no backdoor at all, while also noting that future designs will be even more secure.
"Microsemi can confirm that there is no designed feature that would enable the circumvention of the user security," the company said in a statement. "The researchers assertion is that with the discovery of a security key, a hacker can gain access to a privileged internal test facility reserved for initial factory testing and failure analysis. Microsemi verified that the internal test facility is disabled in all shipped devices."
Previous
These comments are not screened before publication. Constructive debate about the above story is welcome, but personal attacks are not. Please do not post comments that are commercial in nature or that violate any copyright[s]. Comments that we regard as obscene, defamatory, or intended to incite violence will be removed. If you find a comment offensive, you may flag it.