A computer chip manufactured in China that is used in US military equipment contains a secret “backdoor” that could severely compromise security, a team of scientists from Cambridge University says.
In a recent report, Sergei Skorobogatov, a senior research associate at the University of Cambridge’s computer laboratory, wrote that his team had developed silicon chip scanning technology that allowed them to investigate claims by various intelligence services worldwide that silicon chips could be infected by malware, such as Stuxnet, that can allow a third party to gain access to or transmit confidential data.
Unlike software, no means currently exist to protect hardware against viruses or Trojan horses, a critical vulnerability for defense systems that are hardware-reliant.
For its research, Skorobogatov’s team selected a chip that was manufactured in China and is used by the US military. The chip, which is prevalent in many systems used in weapons, nuclear power plants and public transport, was considered highly secure and used sophisticated encryption standards.
After performing advanced code breaking, the team found a backdoor they say had been inserted by the manufacturer.
“This backdoor has a key, which we were able to extract,” Skorobogatov wrote on his Web site, discussing what he referred to as hardware assurance. “If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key.”
The backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems, he wrote, adding that the scale and range of the attacks that could be launched using it had huge implications for national security and public infrastructure.
The Cambridge team did not specify the Chinese manufacturer, nor did it mention whether this was an isolated case or signs of a wider trend, according to the online-based The Next Web.
Reports last year claimed that the US Navy had purchased 59,000 microchips in 2010 for use in missiles and transponders that turned out to be counterfeits from China. According to Wired magazine, the fake chips also contained “backdoors” that could have allowed a third party to remotely disable them at any time, severely compromising homing systems and friend-or-foe signals used by aircraft.
The discovery prompted the Intelligence Advanced Research Projects Agency to seek ways to scan hardware — including computer chips — for the presence of malware installed during the production process.
‘ABUSE OF POWER’: Lee Chun-yi allegedly used a Control Yuan vehicle to transport his dog to a pet grooming salon and take his wife to restaurants, media reports said Control Yuan Secretary-General Lee Chun-yi (李俊俋) resigned on Sunday night, admitting that he had misused a government vehicle, as reported by the media. Control Yuan Vice President Lee Hung-chun (李鴻鈞) yesterday apologized to the public over the issue. The watchdog body would follow up on similar accusations made by the Chinese Nationalist Party (KMT) and would investigate the alleged misuse of government vehicles by three other Control Yuan members: Su Li-chiung (蘇麗瓊), Lin Yu-jung (林郁容) and Wang Jung-chang (王榮璋), Lee Hung-chun said. Lee Chun-yi in a statement apologized for using a Control Yuan vehicle to transport his dog to a
Taiwan yesterday denied Chinese allegations that its military was behind a cyberattack on a technology company in Guangzhou, after city authorities issued warrants for 20 suspects. The Guangzhou Municipal Public Security Bureau earlier yesterday issued warrants for 20 people it identified as members of the Information, Communications and Electronic Force Command (ICEFCOM). The bureau alleged they were behind a May 20 cyberattack targeting the backend system of a self-service facility at the company. “ICEFCOM, under Taiwan’s ruling Democratic Progressive Party, directed the illegal attack,” the warrant says. The bureau placed a bounty of 10,000 yuan (US$1,392) on each of the 20 people named in
The High Court yesterday found a New Taipei City woman guilty of charges related to helping Beijing secure surrender agreements from military service members. Lee Huei-hsin (李慧馨) was sentenced to six years and eight months in prison for breaching the National Security Act (國家安全法), making illegal compacts with government employees and bribery, the court said. The verdict is final. Lee, the manager of a temple in the city’s Lujhou District (蘆洲), was accused of arranging for eight service members to make surrender pledges to the Chinese People’s Liberation Army in exchange for money, the court said. The pledges, which required them to provide identification
INDO-PACIFIC REGION: Royal Navy ships exercise the right of freedom of navigation, including in the Taiwan Strait and South China Sea, the UK’s Tony Radakin told a summit Freedom of navigation in the Indo-Pacific region is as important as it is in the English Channel, British Chief of the Defence Staff Admiral Tony Radakin said at a summit in Singapore on Saturday. The remark came as the British Royal Navy’s flagship aircraft carrier, the HMS Prince of Wales, is on an eight-month deployment to the Indo-Pacific region as head of an international carrier strike group. “Upholding the UN Convention on the Law of the Sea, and with it, the principles of the freedom of navigation, in this part of the world matters to us just as it matters in the
RSS