DARPA Sponsors a Hunt For Malware In Microchips 106
Phurge links to an IEEE Spectrum story on an interesting DARPA project with some scary implications about just what it is we don't know about what chips are doing under the surface. It's a difficult problem to find invasive or otherwise malicious capabilities built into a CPU; this project's goal is to see whether vendors can find such hardware-level spyware in chips like those used in military hardware. Phurge excerpts: "Recognizing this enormous vulnerability, the DOD recently launched its most ambitious program yet to verify the integrity of the electronics that will underpin future additions to its arsenal. ... In January, the Trust program started its prequalifying rounds by sending to three contractors four identical versions of a chip that contained unspecified malicious circuitry. The teams have until the end of this month to ferret out as many of the devious insertions as they can."
All about China (Score:5, Insightful)
Looks like someone finally clued these geniuses of national security in on the obvious Archilles' heel in their web of protection.
I just hope our clueless protectors have at least had the common sense to slip in some spys at that new big "Fab 68" [forbes.com] Intel plant they're building in China.
Re:Speaking from a military perspective (Score:4, Insightful)
Re:All about China (Score:3, Insightful)
Presumably they're doing it themselves (Score:3, Insightful)
In the microprocessor case, suppose they added a bit of logic to look for a particular data sequence, and if found, switch to system management mode or ring 0 and execute whatever follows. Then they could take over any machine simply by sending it a data packet. Presumably there would be some code signing to prevent anyone else from exploiting the backdoor.
Intel, Cisco, et al are involved in the Critical Infrastructure Protection program and undoubtedly have other high-level contacts with the national security apparatus. It seems obvious that the US is in a better position than anyone else to carry out this type of attack.