So what is more frightening than having a worm or a virus infect your network? How about a virus or worm that can infect the hardware that controls your network. According researchers at Cambridge this could be possible through the use of hard coded back doors in control processors. Although the idea of being able to reprogram the microcode inside computer chips is nothing new it has never been viewed as a threat before. After all most companies are very careful about allowing someone other than themselves to have access to the paths that would allow the original code to be overwritten.
What someone has begun to consider is the implications of some sort of backdoor access that would allow this beyond the normal means that exist for a buyer to reprogram the chips. This is apparently what the researchers at Cambridge are saying they found in a common control chip used by the US military which was manufactured in China. According to a post on cl.cam.ac.uk;
Now as we have said the means to reprogram processors has been there for a long time, but the type of security flaw that they are talking about here is not something that you would expect. Now… we will say that this was something that was brought up when the US opened the ability to purchase components outside the US back in the early 90s. The thought was that someone could sell defective parts or parts that could be used to take over control systems remotely. At the time it was seen as pure science fiction (well except for the people that wrote the movie Real Genius) and was ruled out as a possibility. With the level of technological sophistication that we have seen from Malware developers, hackers and criminals we are honestly surprised that no one has checked this out before. This is the type of oversight that has allow critical infrastructure services to be left on open networks with default passwords and outdated operating systems and browsers to be run in mission critical systems. Are we looking at a massive security threat from reprogrammable hardware? Probably not, but we are looking at a new threat that should be taken very seriously and not just by the military. Many other computerized services use systems that might have reprogrammable chips in them. Any of these could have backdoor access or even a way to break open the paths that allow reprograming. Now this does not apply to all processors or computer components, but specifically to the manufacture and production of FPGA (Field Programmable Gate Arrays). In this case the access was specifically programed into the chips (possibly by Microsemi/Actel) and can be turned on remotely with a specialized key. According to the research with this key you can read, disable and overwrite the existing code in the chip which (as Harold Ramis put it in Ghost Busters) would be bad.
Discuss this in our Forum