Wednesday, 30 May 2012 20:23

New "Backdoor" Security Issue Found With FPGA Chips

Written by

Reading time is around minutes.

broken-lockSo what is more frightening than having a worm or a virus infect your network? How about a virus or worm that can infect the hardware that controls your network. According researchers at Cambridge this could be possible through the use of hard coded back doors in control processors. Although the idea of being able to reprogram the microcode inside computer chips is nothing new it has never been viewed as a threat before. After all most companies are very careful about allowing someone other than themselves to have access to the paths that would allow the original code to be overwritten.

What someone has begun to consider is the implications of some sort of backdoor access that would allow this beyond the normal means that exist for a buyer to reprogram the chips. This is apparently what the researchers at Cambridge are saying they found in a common control chip used by the US military which was manufactured in China. According to a post on cl.cam.ac.uk;

“Claims were made by the intelligence agencies around the world, from MI5, NSA and IARPA, that silicon chips could be infected. We developed breakthrough silicon chip scanning technology to investigate these claims. We chose an American military chip that is highly secure with sophisticated encryption standard, manufactured in China. Our aim was to perform advanced code breaking and to see if there were any unexpected features on the chip. We scanned the silicon chip in an affordable time and found a previously unknown backdoor inserted by the manufacturer. This backdoor has a key, which we were able to extract. If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key. This particular chip is prevalent in many systems from weapons, nuclear power plants to public transport. In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems. The scale and range of possible attacks has huge implications for National Security and public infrastructure.”


Now as we have said the means to reprogram processors has been there for a long time, but the type of security flaw that they are talking about here is not something that you would expect. Now… we will say that this was something that was brought up when the US opened the ability to purchase components outside the US back in the early 90s. The thought was that someone could sell defective parts or parts that could be used to take over control systems remotely. At the time it was seen as pure science fiction (well except for the people that wrote the movie Real Genius) and was ruled out as a possibility.

With the level of technological sophistication that we have seen from Malware developers, hackers and criminals we are honestly surprised that no one has checked this out before. This is the type of oversight that has allow critical infrastructure services to be left on open networks with default passwords and outdated operating systems and browsers to be run in mission critical systems.

Are we looking at a massive security threat from reprogrammable hardware? Probably not, but we are looking at a new threat that should be taken very seriously and not just by the military. Many other computerized services use systems that might have reprogrammable chips in them. Any of these could have backdoor access or even a way to break open the paths that allow reprograming. Now this does not apply to all processors or computer components, but specifically to the manufacture and production of FPGA (Field Programmable Gate Arrays). In this case the access was specifically programed into the chips (possibly by Microsemi/Actel) and can be turned on remotely with a specialized key. According to the research with this key you can read, disable and overwrite the existing code in the chip which (as Harold Ramis put it in Ghost Busters) would be bad.

Discuss this in our Forum

Read 3510 times Last modified on Wednesday, 30 May 2012 20:30

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.