A backdoor deliberately inserted into an American military chip could help attackers gain unauthorized access and reprogram its memory.
A military-grade silicon device made by California-based Microsemi Corp., the ProASIC3 A3P250, contained a glitch that would allow individuals to remotely tweak its functions, said Sergei Skorobogatov, a researcher at Cambridge University who wrote a paper on the subject. “This permits a new and disturbing possibility of a large scale Stuxnet-type attack via a network or the Internet on the silicon itself,” he wrote in the paper. The Stuxnet worm, discovered in 2010, targeted industrial control systems.
The obscure backdoor was within the security mechanism of the chip with robust countermeasures to prevent access by others, an indication someone deliberately implanted it, said Christopher Woods, a researcher at U.K.-based Quo Vadis Labs who collaborated on the research. The duo did not disclose further details in their paper, citing a “confidentiality agreement.”
The backdoor is “close to impossible to fix on chips already deployed” because software patches can’t fix the bugs. The security holes can only disappear if they go out and replace all of them in the installed systems, the researchers said.
Microsemi’s aggregate net sales to defense and security users represented 29 percent of total net sales in 2012, according to its most recent quarterly regulatory filing. The device in question is “heavily marketed to the military and industry,” the paper said. TSMC Taiwan and packaged the device in either in China or Korea, Woods said.
A Microsemi spokesperson was not immediately available for comment.
Going forward, the pair will study how to authenticate chips and parts using scanning techniques that will distinguish between counterfeit and real components.