Friday, June 1, 2012
Manufacturer places "back doors" in chips intentionally
For the first time in history has been able to discover, test, develop and document a vulnerability or backdoor on a silicon chip that allows an attacker to take control of the device using the platform. And not any user: but at the same manufacturer who deliberately added this backdoor to the chip and also put a "key" to use it.The affected products are units FPGA (Field Programmable Gate Array) Actel American manufacturer, in his series of models ProASIC3, IGLOO, Fusion and SmartFusion, and as we said, the researchers believe that the level of integration of the problem likely the hole found was put "at home" intentionally by Actel, which has been occurring since 2002 at least until 2010, when the company took over Microsemi manufacturing.To discover what is that a group of researchers at the University of Cambridge launched an investigation that sparked alarm among the institutions that use this kind of chip security features that require the highest level, such as military and communications applications public, private and institutional, to name a few, where governments and private organizations and researchers contacted for help. And yes, there were great efforts to find the problem because it also deliberately was very hidden in the hardware design, further aggravating the situation.The affected products are chips that can be programmed in a personal way to implement on different devices to perform specific functions, with the "implementer" deciding how it will work and where. This flexibility is what makes chips for applications desired in addition to those mentioned above also involve combat aircraft, satellites, nuclear power plants, commercial aircraft Boeing and many others.The worst thing of all is that you can break the AES encryption, an algorithm that provides high security and therefore, is widely used in engine chips to implement AES at the hardware level. Now all that is useless because of the vulnerability that Actel inserted into their products, which were acquired by naively all kinds of institutions that now are endangered data and more importantly, access to their platforms.According to investigators, the tailgate is embedded in the architecture that was designed with the piece of silicon, making it impossible to fix it or remove it because it is hardware, ie irons that are already done and can not be changed. The best thing you can do for now is to find ways to exploit the vulnerability and exploit it more difficult and costly for malicious, but anyway this is inevitable if it occurs.Because this is not a computer virus or other malware that is software or virtual code that can be fixed: This problem is a pit or hole embedded in physical processors, which can not cover more than exchanging one product for another. It is as if the computer you bought had a leak and the only solution to fix it is change it.