A pair of security researchers in the U.K. have released a paper [PDF] documenting what they describe as the “first real world detection of a backdoor” in a microchip—an opening that could allow a malicious actor to monitor or change the information on the chip. The researchers, Sergei Skorobogatov of the University of Cambridge and Christopher Woods of Quo Vadis Labs, concluded that the vulnerability made it possible to reprogram the contents of supposedly secure memory and obtain information regarding the internal logic of the chip. I discussed the possibility of this type of hardware vulnerability in the August 2010 Scientific American article “The Hacker in Your Hardware.”
The security breach is a particular concern because of the type of chip involved. The affected chip, a ProASIC3 A3P250, is a field programmable gate array (FPGA). These chips are used in an enormous variety of applications, including communications and networking systems, the financial markets, industrial control systems, and a long list of military systems. Each customer configures an FPGA to implement a unique—and often highly proprietary—set of logical operations. For example, a customer in the financial markets might configure an FPGA to make high speed trading decisions. A customer in aviation might use an FPGA to help perform flight control. Any mechanism that could allow unauthorized access to the internal configuration of an FPGA creates the risk of intellectual property theft. In addition, the computations and data in the chip could be maliciously altered.