US Military Chip Made In China Has Backdoor Security Flaw

Talk about an uh oh moment, researches at Cambridge University have discovered a massive security flaw in a microprocessor used by the US military. It contains a built in backdoor that allows the chip to be reprogrammed and to make matters worse it’s used in a massive number of systems such as: nuclear power plants, public transport and even weapons. Worse yet it’s a hardware problem and cannot be fixed via firmware, which means there is no quick fix. the only way to correct the issue is to replace all the chips.

Our aim was to perform advanced code breaking and to see if there were any unexpected features on the (US Military) chip. We scanned the silicon chip in an affordable time and found a previously unknown backdoor inserted by the manufacturer. This backdoor has a key, which we were able to extract. If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key. This particular chip is prevalent in many systems from weapons, nuclear power plants to public transport. In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems. The scale and range of possible attacks has huge implications for National Security and public infrastructure,” said Segei Skorobogatov who made the discovery at the Quo Vadis Labs at Cambridge University.

Granted in order to reprogram the chip would require physical access to them with special equipment which is unlikely to happen, however the fact the backdoor exists at all is still extremely troubling. Furthermore the Chinese may not be behind this, as the chips backdoor flaw could very well have been a part of the original design. Errata Security seems to think that is the case and that Chinese involvement is just speculation, as backdoors are common and rarely malicious as they are often used as a debugging tool by the designer. Still with the Flame virus scare just the other day this showcases a serious vulnerability in are military and utilities systems. Check the source for more info on the topic.