Wired magazine reports that the US armed forces are finding out some disturbing things about Chinese-manufactured computer chips.
In 2010, the U.S. military had a problem. It had bought over 59,000 microchips destined for installation in everything from missile defense systems to gadgets that tell friend from foe. The chips turned out to be counterfeits from China, but it could have been even worse. Instead of crappy Chinese fakes being put into Navy weapons systems, the chips could have been hacked, able to shut off a missile in the event of war or lie around just waiting to malfunction.
. . .
The U.S. has been worried about its foreign-sourced chips in its supply chain for a while now. In a 2005 report, the Defense Science Board warned that the shift towards greater foreign circuit production posed the risk that “trojan horse” circuits could be unknowingly installed in critical military systems. Foreign adversaries could modify chips to fizzle out early, the report said, or add secret back doors that would place a kill switch in military systems.
The problem is that the United States isn’t the only game in town anymore when it comes to building better chips. Foreign chip foundries — companies that manufacture chips for third parties — are churning out more advanced products and making regular chips cheaper and more quickly. American military and intelligence customers would love to take advantage of some of these developments, but they don’t want to limit themselves to just U.S.-made technology.
The Defense Science Board warned in its report that “trust cannot be added to integrated circuits after fabrication.” Iarpa disagrees. The agency is looking for ways to check out chips once they’ve been made, asking for ideas on how the U.S. can verify that its foreign chips haven’t been hacked in the production process.
There's more at the link.
Makes sense from the Chinese point of view. In fact, if I were a senior Chinese security official, I'd be telling my computer chip manufacturers to incorporate "trojan horse circuits", as the Wired article describes them, in every single chip they make, irrespective of its nature or intended use. That way, if an enemy - or potential enemy - used them in his hardware, I could arrange for my own forces to unleash a blizzard of electronic instructions to disable his weapons, right at the very beginning of a conflict. While he was trying to sort out the resulting mess, my own weapons - free of such interference - would be able to strike him with impunity.
Too many people underestimate the Chinese. They're not dumb at all. They regard us (with more than a little justification) as still being imperialist-minded fools, who think we can push China around: and they're determined not to take it any more. I can't blame them. Look at the way the West has treated China for centuries, then ask yourself, "If I were in their shoes, would I behave any differently right now?"
I wouldn't . . . and that's why we've got to be very careful indeed about things like this.
Peter
I remember one of the first real hackers stating that he was sure there was a Trojan horse of some kind in every major software.
ReplyDeleteA Trojan horse or Trapdoor is just something that's almost irresistable for a programmer to put in. It's easy to do, hard to detect and can prove very useful at a later unspecified time. (Even for legitimate uses, say if a customer calls and has crashed the system, a trojan horse can gain access to it for a reboot.)
This is a big part of why I rail against the excesses of the EPA driving manufacturing overseas. I love relative advantage as much as the next free market economist, but I'd like that relative advantage to be with a dude I share a Western Enlightenment culture with if possible, not a satrap minded foreigner.
ReplyDelete