Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

China's link to chip backdoor shut close

Taylor Armerding | June 5, 2012
Security experts, along with researcher who found the backdoor, say no evidence of China's involvement

Skorobogatov has also backed off his original claim that the chip he analyzed was military grade. "Because military parts are not publicly sold, we cannot comment [on] our results on them, but for the publication results, we chose A3P250 industrial device, because it behaves in the similar way as military-grade parts," he wrote on his website.

However, other analysts say Skorobogatov's suggestion that this chip is used in defense and industrial infrastructure systems is also exaggerated. Robert David Graham, writing on the Errata Security blog, called much of it "bogus."

"Much has been made about this being a 'military' chip, but that's not true -- at least, it's not what you think," he wrote.

"The military uses a lot of commercial, off-the-shelf products. A million soldiers use laptops to browse Facebook and exchange emails with their loved ones. It doesn't mean that these laptops are anything special or different than any other laptops. They are the same Dell, Apple, and HP laptops that everyone else uses."

There is also debate over the source of the backdoor. Graham, who said they are relatively common and "a byproduct of software complexity," suggested that they come from one of the most common building blocks of chips, the debugger known as JTAG. "This is a standard way of soldering some wires to the chip and connecting to the USB port, allowing common tools to debug your custom chip,"Ã'Â GrahamÃ'Â said.

"Companies [should] disable the debug feature in the version they send to customers, but that's not so easy with chips. Therefore, chips always have the JTAG interface enabled. What chip designers attempt to do is just not connect the pins to it. Or, if they connect the pins, they don't route to the pins on the circuit board," heÃ'Â said.

This, he said, can enable hacking a device, unless there is, "a key [put] into the JTAG hardware that only the manufacturer knows, to disable some of the more dangerous JTAG commands. That's what appears to have happened here."

"Whether you call this a security feature to prevent others from hacking the chip through JTAG, or a secret backdoor available only to the manufacturer, is open to interpretation," Graham said.

But ZDNet's report quotes Microsemi saying that the JTAG debugging interface "is disabled in all shipped devices."

Whatever the source of the backdoor, Joel Harding, a former military intelligence officer and now an information operations expert and consultant, said Skorobogatov's findings, "highlight a huge problem."

"There is no 'vetting' process for Chinese computers. Yes, we have independent researchers like Sergei, but how do you know that the computer on your desk doesn't contain a backdoor? Who checked the software? Is there malicious code on board?" he said.Ã'Â "There is no program looking at 99.9999% of computers to make sure they are safe and secure. Not even congressmen or senators have their computers checked."


Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.