Posted on 06/05/2012 10:06:32 PM PDT by ex-Texan
Alarming report reveals malware in silicon chips
A recent study found that a U.S. military chip manufactured in China—widely used in systems for weapons, nuclear power plants, and public transport—contains a built-in backdoor that allows the Chinese regime access to critical U.S. systems.
“In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems. The scale and range of possible attacks has huge implications for national security and public infrastructure,” writes security researcher Sergei Skorobogatov on his blog. Skorobogatov is from U.K.-based Hardware Security Group at the University of Cambridge, the group that conducted the study.
The Stuxnet weapon he refers to was a piece of malware that was able to physically destroy nuclear centrifuges at an Iranian nuclear plant.
Going off claims from some of the world’s top intelligence agencies—among them MI5, NSA, and IARPA—that computer chips could be preloaded with potentially devastating malware, Hardware Security Group decided to put this to the test.
“We chose an American military chip that is highly secure with sophisticated encryption standard, manufactured in China,” Skorobogatov said. They used a new form of chip scanning technology to “see if there were any unexpected features on the chip.”
“U.K. officials are fearful that China has the capability to shut down businesses, military and critical infrastructure through cyber-attacks and spy equipment embedded in computer and telecommunications equipment,” he said, noting, “There have been many cases of computer hardware having backdoors, Trojans, or other programs to allow an attacker to gain access or transmit confidential data to a third party.”
Their complete findings will be published in September, in a paper called “Breakthrough silicon scanning discovers backdoor in military chip,” which Skorobogatov says “will expose some serious security issues in the devices, which are supposed to be unbreakable.”
The chip scanning technology is still relatively new, and thus, studies such as this are few and far between. Skorobogatov notes that 99 percent of chips are manufactured in China, and the prevalence of such malware is something he and his research group would like to investigate further.
Even so, the issue of the Chinese regime planting malware in exported technology is not unknown.
Back in July 2011, Greg Schaffer, acting deputy undersecretary of the Department of Homeland Security (DHS) National Protection and Programs Directorate, testified before the House Oversight and Government Reform Committee.
After being pressed with questions around this, Schaffer admitted he was “aware of some instances” of foreign-made software and hardware being purposely embedded with malware, The Epoch Times reported.
Rep. Jason Chaffetz (R-Utah) continued pressing Schaffer on this, and after trying to avoid the question or give vague responses several times, Schaffer admitted that he was aware of this happening, and said, “We believe there is significant risk in the area of supply chain.”
“This is one of the most complicated and difficult challenges that we have,” Schaffer said. “There are foreign components in many U.S. manufactured devices.”
Few details have been revealed since. Yet, in April 2011, the Commerce Department sent a survey to U.S. telecommunication companies—including AT&T Inc. and Verizon Communications Inc.—demanding “confidential information about their networks in a hunt for Chinese cyberspying,” Bloomberg reported in November 2011. Built-in Spying
Among the information requested were details on foreign-made hardware and software on company networks, and it asked about any findings of “unauthorized electronic hardware” or anything else suspicious, Bloomberg reported.
There seemed to be a tight lid on this, even then. A senior U.S. official spoke to Bloomberg on anonymity, noting, they report, “The survey represents ‘very high-level’ concern that China and other countries may be using their growing export sectors to develop built-in spying capabilities in U.S. networks…”
This was further exposed a month later by author and freelance writer Robert McGarvey, reporting for Internet Evolution. He was told by Don DeBolt, director of threat research at the New York security-consulting firm Total Defense, that “China has been bugging our computers for a long time,” and “We have seen cases where malware is installed at the BIOS level. Security suites do not detect it.” Computers all have a BIOS (Basic Input/Output System) chip that is sometimes hard-coded, meaning they can only be written once and contain information about the system’s hardware.
And just recently, on April 29, former U.S. counterterrorism czar Richard Clarke, who now runs his own cybersecurity firm, told Smithsonian Magazine that such Chinese malware even exists at the consumer level—in shocking prevalence—stating that everything from silicon chips, to routers, to hardware could be loaded with logic bombs, Trojan horses, and other forms of malware.
“Every major company in the United States has already been penetrated by China,” Clarke told Smithsonian Magazine.
“My greatest fear,” he continued, “is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts. Where we lose our competitiveness by having all of our research and development stolen by the Chinese.
Related Articles
US Military Gearing Up for Cyberwar
“And we never really see the single event that makes us do something about it. That it’s always just below our pain threshold. That company after company in the United States spends millions, hundreds of millions, in some cases billions of dollars on R&D and that information goes free to China. … After a while you can’t compete,” Clarke concluded.
The saying here in Silicon Valley is:
Half the Chinese here are spying on us.
The other half are spying on them!
From the typical trash that is a utilities power line waveform, computer power supplies are already expected to produce a silky smooth DC at various levels and currents. Switching supplies are all the rage today. Now if a switching supply producer were in cahoots with a CPU producer and spyware designer, so as to selectively let “noise” in and out, there could be an interesting interaction. The switching supply would need a few smarts to be able to know when and what to pass through. It would take more than the dumb discrete designs of the present.
Apple, Acer, and others do.
Perhaps you should whine at them then, instead of at me?
Or do you know crap about manufacturing?
Whiner says what?
I can only speak for me - Yes, and assume others care based on what I read in comments on FR, like this from "null and void":
The rules of threat assessment call for identifying what an enemy is capable of doing, not necessarily what they are actually doing.
I like that quote a lot - given almost 30 years of high-end global industry experience (see note 1 below).
Based on your comments, I believe we're in agreement on the risk assessment facts from known design and engineering practices. We don't need to invent complicated engineering scenarios in order to be concerned about what's already installed across America and the globe that controls core elements of every day life.
The WashedUp Times pointed out some of the recently published studies on PLC vulnerabilities:
"Project Basecamp had six great researchers looking for vulnerabilities in six different PLC’s / field devices, and the PLC’s took a beating. There were backdoors, weak credential storage, ability to change ladder logic and firmware, command line interface, overflows galore, TFTP for important files and so much more."
Cyber search engine Shodan exposes industrial control systems to new risks
In a statement to The Washington Post, General Electric said: “The D-20 was designed for deployment in a layered security environment, in which asset owners and operators employ a range of measures to prevent, detect and respond to intrusions. GE actively works with our customers to design and support those security measures.” The company added that the software for the machine “is designed to be secure and includes a layer of password-protection, which can be activated if the customer chooses to do so.” Other machines had flaws that enabled the researchers to take control through electronic back doors. In January, Digital Bond said the results were “a bloodbath, mostly.” “Most of the guys were able to hack their controllers in a single day,” said K. Reid Wightman, a Digital Bond security researcher and former Pentagon cyberwarrior. “It’s just too easy. If we can do it, imagine what a well-funded foreign power could do.”
Researchers found that one machine made by General Electric, the D-20, uses the same microprocessor installed in Apple computers two decades ago. The company that made its operating software stopped updating it in 1999. It is often shipped to customers with no meaningful security.“Security is disabled by default,” the manual says. “To log in, enter any name; you do not need a password.”
(1) My first professional job was in semiconductor manufacturing, not as an EE, but I designed their first distributed systems with desktops and "file servers" delivering integrated data from big iron global systems. And I pioneered some of the first commercial Software as a Service products. This was way before there were any books available on how to build, sell, run, scale, and support such products.
Clinton, the reason W Bush was the best President since Reagan even though W Bush stunk.
Is the Russian mob still after you?
You should be ashamed.
Amen to that!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.