Security Researcher Finds Backdoor in China-Manufactured Chips
Lawmakers in the United States have been concerned about the security of hardware manufactured in China for years now, especially since many chips and other pieces of computer equipment manufactured in China are used for sensitive military and civil applications that would make them quite dangerous in the wrong hands if they were compromised. Among other things, this has manifested in a lot of suspicion stateside about Huawei and other Chinese companies in the telecomunnications industry expanding their businesses into China. Today, news spread on Twitter that Sergei Skorobogatov, a security researcher, has found a backdoor in a Chinese-manufactured "American military chip that is highly secure with sophisticated encryption standard." From his website:
We scanned the silicon chip in an affordable time and found a previously unknown backdoor inserted by the manufacturer. This backdoor has a key, which we were able to extract. If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key. This particular chip is prevalent in many systems from weapons, nuclear power plants to public transport. In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems. The scale and range of possible attacks has huge implications for National Security and public infrastructure.
So yeah, that sounds pretty bad. And although the chip isn't manufactured by Huawei, this could be the death-knell for its plans abroad -- especially in the US -- as this would seem to confirm suspicions that Chinese manufacturers are (knowingly or unknowingly) cooperating with the government to insert backdoor systems into foreign military hardware. Now, grain of salt time: this doesn't seem to have been confirmed by anyone else, and it's difficult to confirm exactly how the backdoor was inserted in the first place, which means we don't really know who is behind it. Moreover, Skorobogatov is not an entirely unbiased source, since it appears he is planning to sell the scanning technology used to uncover this backdoor. In the end, if the story gets enough momentum, whether it's true and who is behind it may not matter. Suspicions about Chinese hardware are already quite widespread; the revelation that Chinese chips with exploitable backdoor security flaws are installed in our military (and nuclear) equipment is not likely to make American legislators any more excited about welcoming Huawei (or other Chinese tech companies) into the US. [via @pdenlinger and @niubi, image source]
