Chinese Chip Maker Comments on Backdoor Found on Chip Used by U.S. Military

Earlier this week, SecurityWeek reported on news that Cambridge University researchers discovered a backdoor on a field-programmable gate array (FPGA) chip used by the U.S. military. The news originally spread like wildfire, but shortly after, some began to doubt that the story was worth the hype.

“Our aim was to perform advanced code breaking and to see if there were any unexpected features on the chip. We scanned the silicon chip in an affordable time and found a previously unknown backdoor inserted by the manufacturer. This backdoor has a key, which we were able to extract. If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key,” the research overview explained.

The overview, and the fact that China is where the world gets its silicon supply, quickly led to sensationalistic headlines charging the Communist nation with espionage. Yet, some became skeptical because no one else discovered the flaw, and because the researchers are looking to sell the fuzzing technology. They have been accepted to present their work at a peer-review conference later this fall.

Errata Security’s Robert Graham called the news false, adding that while the researchers did discover the backdoor on the FPGA chip, there is no evidence that the Chinese put it there or that it is malicious.

Microsemi, the company that produced the FPGA chip in question, has now responded to the report and issued the following statement.

“According to these researchers, in order for the extraction of the security key to occur, the pins of the FPGA device involved needed to be physically connected to the researchers’ custom-designed attack hardware. Microsemi has not been able to confirm or deny the researchers’ claims since they have not contacted Microsemi with the necessary technical details of the set-up nor given Microsemi access to their custom-designed equipment for independent verification.”

Additionally, the statement goes on to note, “there is no designed feature that would enable the circumvention of the user security.”

Addressing the backdoor itself, the statement says that it “can only be entered in a customer-programmed device when the customer supplies their passcode, thus preventing unauthorized access by Microsemi or anyone else.”

Microsemi says that shipped devices are checked to ensure that the backdoor is disabled, raising the question of what type of device the researchers themselves were working with. The Register highlighted the same question in its coverage of the Microsemi statement.

“Here in El Reg’s antipodean eyrie, we’re therefore keen to know if Skorobogatov and Woods worked with a brand new FPGA, because if we take Microsemi’s word for it there’s no reason a virgin ProASIC3 would have a passkey lurking within. But we can imagine a used ProASIC3’s passkey being extracted using the researchers’ cunning methods. How did the key get there?”

The full response from Microsemi with respect to the reported backdoor on its ProASIC 3 can be found here.
