LOGIN | REGISTER NOW | SUBSCRIBE
 

Zeichick’s Take: Backdoors—at nanometer scales


By Alan Zeichick
Email    print   
October 29, 2009 —  Can you trust your chips? Last week, I wrote about the potential for shenanigans with a new computer-controlled watt-hour meter that a local electric utility installed at my home. The worry: My bill might go up.

That, my friends, may only be the tip of the iceberg.

We’re all familiar with backdoors installed into software, such as secret root passwords or overrides built into payroll software. Many of those backdoors are urban legends, but I’ve encountered such things in real life. You probably have too.

What if backdoors are being installed into your nation’s defense systems at the hardware level—secretly—by your enemies? While that sounds like the topic of a good science-fiction movie, it’s a not-too-far-fetched scenario.

On Monday, John Markoff of the New York Times wrote a cyberwar story called “Old Trick Threatens the Newest Weapons.” He writes that only about 2% of the chips used in American military equipment are manufactured in secure facilities, and that the other 98% might hide kill switches or backdoor access points.

“As advanced systems like aircraft, missiles and radars have become dependent on their computing capabilities, the specter of subversion causing weapons to fail in times of crisis, or secretly corrupting crucial data, has come to haunt military planners. The problem has grown more severe as most American semiconductor manufacturing plants have moved offshore,” Markoff writes.

Could attempts to subvert those chips be detected? Not a chance. Markoff writes chillingly: “Cyberwarfare analysts argue that while most computer security efforts have until now been focused on software, tampering with hardware circuitry may ultimately be an equally dangerous threat. That is because modern computer chips routinely comprise hundreds of millions, or even billions, of transistors. The increasing complexity means that subtle modifications in manufacturing or in the design of chips will be virtually impossible to detect.”

The thought that an enemy of your country could shut down or take over one of your nation’s weapon systems is terrible to contemplate. The threat, however, isn’t merely to defense systems or military equipment. What would be the economic implications of secret kill switches built into business-grade network servers or network routers? How about remote subversion of consumer-grade mobile phones, laptop computers or automobile chips?

And to think I was worried about my electricity meter.

Alan Zeichick is editorial director of SD Times. Follow him on Twitter at twitter.com/zeichick. Read his blog at ztrek.blogspot.com.




Related Search Term(s): security


Share this link: http://sdt.bz/33869
 
Most Read Latest News Blog Resources
Zeichick’s Take: Radio moves from analog waveforms to digital packets
Streaming radio highlights the need for streaming applications to be designed to take up as little bandwidth as possible
Taking enterprise architecture to the business side
Startup Corso is bringing out a cloud-based planning platform that ties into business plans
Appcelerator Acquires Cocoafish to Add Instant Mobile Cloud Capabilities to its Industry Leading Titanium Platform
Appcelerator Offers Messaging, Social, Location and Storage Mobile Cloud Services to All Mobile App Publishers
ComponentOne Releases a Collection of 40+ UI Widgets Powered by HTML5 and jQuery
ComponentOne has announced the 2012 release of Wijmo: a kit of UI widgets for HTML5 and jQuery development
Digg!  Digg
Reddit  Reddit
Slashdot  Slashdot
Share on facebook  Facebook
Share on Twitter  Twitter



Comments


10/30/2009 11:55:20 AM EST

temp fix: Design a chip testing machine, which randomly samples 20% of all chips used. Real Fix, do our own chips. Why do we leave it to China when we need jobs here? Purified Silicon is just a Brown's Gas Torch away, and the rest is a fairly automated process. China had already embraced Brown's Gas Technology (Hydrogen and Oxygen gases coming out a torch head), so purified silicon was already in their hands. (BTW it will also take care of spent nuclear fuel, and mines gold without any chemicals and a far greater return of ore from the rock). America has always bootstrapped itself, why not in such a delicate and dangerous area. Lets make our own (and not on the coasts)!! ... There are some awesome supplies of gorgeous quartz (massive amounts ?? couldn't say but what I saw was nearly pure already) between Winnemucca NV (Gold Town) and Burns Oregon. While you are making silicon you can branch out into growing crystals ... a new field which will need lots of supply.

United StatesSally A


11/03/2009 03:08:39 PM EST

You can't start worrying about the hardware, the softWare in place already has permanent issues. If it has a JVM, ACPI, and uses any variation of "C" it is not only completely vulnerable, probably already affected, and the worst part is once afflicted the computer is the one responsible for reporting everything you should know about.

United StatesShaykers


Add comment


Name*
Email*  
Country     


  • Comment
Loading




close
NEXT ARTICLE
Cigital Develops Ready-to-Use Tools for Securing the Smart Grid
Cigital Inc. announced the release of the Guide to Developing a Cyber Security and Risk Mitigation Plan Read More...
 
 
 
 
News on Monday
more>>
SharePoint Tech Report
more>>


   

 
 

Download Current Issue
FEBRUARY 2012 PDF ISSUE

Need Back Issues?
DOWNLOAD HERE

Want to subscribe?


 
blogs tab
Are you at risk for burnout?
Burnout is a severe problem and it can strike at any time. Here's how to tell if you are nearing the edge.
02/09/2012 02:16 PM EST

Agility, mom, and apple pie
If we're to evaluate the state-of-the-art in software development, we should start with the values espoused in the Agile Manifesto.
02/07/2012 11:57 AM EST

RIM woos developers with free tablet
How do you get more apps ported to the BlackBerry PlayBook? By giving every developer a free tablet, of course!
02/04/2012 01:57 PM EST

GitHire: Use Headhunters to Find Your Perfect Programmer
Are you a hiring manager tired of scouring the job boards? Check out this new service that will find 5 people interested in your jobs.
02/03/2012 12:17 PM EST

Facebook claims hacker cred
Facebook's SEC S-1 filing form includes a short essay on the Hacker Way by Mark Zuckerberg himself.
02/02/2012 08:26 AM EST

Ryan Dahl steps down
Ryan Dahl, creator of Node.js, steps back from his position as gatekeeper for the project.
02/01/2012 04:58 PM EST

 
Events calendar tab
Cloud Connect
2/13/2012 to 2/16/2012
Santa Clara
TechWeb

SPTechCon: The SharePoint Technology Conf.
2/26/2012 to 2/29/2012
San Francisco
BZ Media

RSA Conf.
2/27/2012 to 3/2/2012
San Francisco
RSA

IBM Pulse Conf.
3/4/2012 to 3/7/2012
Las Vegas
IBM Tivoli

Game Developer Conf.
3/5/2012 to 3/9/2012
San Francisco
TechWeb