Cambridge University experts made available the results of their research

May 30, 2012 08:22 GMT

Cambridge University researchers have developed a silicon chip scanning technology that allows them to look for signs of malicious elements in components currently used in many industries. They’ve found that a chip used by the American military contains a backdoor embedded by its Chinese manufacturer.

“We scanned the silicon chip in an affordable time and found a previously unknown backdoor inserted by the manufacturer. This backdoor has a key, which we were able to extract. If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key,” experts wrote.

The chip they’ve analyzed, Microsemi/Actel ProASIC3, is apparently used in a number of fields, including weapon construction, nuclear power plants and even public transport. They believe that the backdoor could be turned into “an advanced Stuxnet weapon” and used against millions of systems.

However, shortly after the news was published, the folks from Errata Security came forward questioning the researchers’ findings.

They highlight the fact that backdoors are not uncommon in pieces of software and that their presence doesn’t necessarily mean that someone is plotting something malicious. Furthermore, there is no evidence that the Chinese actually planted the backdoor.

Also, the technique utilized to find the security hole, fuzzing the JTAG port, has been questioned.

“Fuzzing has found backdoors in software before, but nobody claimed it was the work of the evil Chinese. We should keep this perspective,” Robert David Graham of Errata Security said.

Moreover, Graham reports that the military uses the chip not because it is special in some secret, government-only way, but because the manufacturer offers a version of the component that’s designed to work at high temperatures.

Microsemi/Actel are expected to issue an official statement to defend their position but, in the meantime, many believe that there’s nothing “evil” about the presence of the backdoor.