From: Examiner.com
Cynthia Hodges, Chicago Homeland Security Examiner
In the United States, cyber security news appears to come in the form of bad news and worse news. Last week, the U.S. Department of Homeland Security warned American businesses that the complex FLAME malware, which has been identified as the virus responsible for last month’s attack on Iran’s oil industry, could spread to other targeted governments across the Internet. The FLAME virus was reportedly discovered on Thursday in Malaysia.
On the heels of the DHS warning, researchers at Cambridge University have reportedly discovered a serious vulnerability built into a class of microchips used across the U.S. military and in crucial industrial applications such as power grids.
In the draft of the not-yet-released study, researchers Sergei Skorobogatov of Cambridge University and Chris Woods of Quo Vadis Labs suggest that PA3 microchips have a “backdoor” deliberately etched into the silicon of “secure” programmable chips that could give cyber spies or terrorists access to classified U.S. weapons systems, including guidance, flight control, networking, and communications systems.
The research concludes that Actel’s PA3 chips, considered to be one of the most secure designs available, could have serious vulnerabilities that users aren’t even aware of.
Actel, a subsidiary of Irvine, California-based Microsemi Corp., disputes the researchers’ claim of a backdoor, adding that future designs will be even more secure. In an official statement, the company said:
“Microsemi can confirm that there is no designed feature that would enable the circumvention of the user security,” the company said in a statement. “The researchers’ assertion is that with the discovery of a security key, a hacker can gain access to a privileged internal test facility reserved for initial factory testing and failure analysis. Microsemi verified that the internal test facility is disabled in all shipped devices.”
Initial reports on the new research, some cybersecurity experts say, jumped to conclusions by assuming that, because the chip was designed in California but manufactured in China, the vulnerability was state-sponsored sabotage. Some experts point out that it is not known how or why the backdoor was installed on the chip, but that it’s highly unlikely that it was inserted deliberately by the manufacturer in China. It is more likely, they say, an overlooked feature from an earlier design.
The researchers said in the report that the vulnerability was most likely in the early stages, which is China, but they appear to contradict themselves by later backing off of the claim. Skorobogatov and Woods are scheduled to present a paper on their findings at a conference in Belgium in Fall 2012.
The fact that there is a vulnerability in the ProASIC3 chip, used in medical, automotive, communications, U.S. military and consumer products – and that the malware could potentially result in a “kill switch” that would cause commercial jets to fall from the sky – is newsworthy, if not state-sponsored cyber espionage.
The study shows that Actel’s PA3 chips, which are thought to be one of the safest designs, may have serious flaws that users don’t even know about.