Skip to main content

    Cambridge researcher provokes controversy with claims of 'backdoor' access to military hardware

    Cambridge researcher provokes controversy with claims of 'backdoor' access to military hardware

    /

    Cambridge scientist Sergei Skorobogatov has released a report stating that a large number of military and government machines contain chips with hardcorded backdoor access.

    Share this story

    FPGA, board, JTAG
    FPGA, board, JTAG

    A Cambridge scientist named Sergei Skorobogatov recently released a report stating that a large number of sensitive military and government machines include chips that contain physical, hardcoded backdoor access. This report stirred up a bit of controversy, inciting the Errata Security blog to respond with an attempt to debunk Skorobogatov's papers.

    Skorobogatov's research indicates a common electronic element called a field programmable gate array (FPGA) often includes deliberately placed vectors for reprogramming that persist after the hardware ships. Skorobogatov's papers claim that, by using these chips, military hardware ranging from weapons systems to nuclear power plants could be disabled with a virus that exploits these backdoors.

    military hardware ranging from weapons systems to nuclear power plants could be disabled with a virus that exploits these backdoors

    Errata Security rebukes this conclusion by arguing that these backdoors are more commonly known as debugging interfaces. Manufacturers often just physically disconnect these debugging avenues rather than design them out of chips after development as a cost saving measure. This means that these interfaces could be exploited by physically reconnecting the pins, which is a technique commonly used to hack consumer electronics. For example, hackers on the XDA-Developers forums modified the original Galaxy S and its variants to expose JTAG flashing mechanisms. Even a specific generation of the Xbox 360 was exploited this way.

    While most of these debugging interfaces are likely left in due to time and budget constraints, Skorobogatov's research does have a point — leaving unexplored control vectors in embedded hardware could leave it open to hacking.