Experts worry that counterfeit chips could be used to steal data – or crash a network.
This past January, two brothers from Texas – Michael and Robert Edman – appeared in court to face charges of selling counterfeit computer equipment to, among others, the US Air Force, Marine Corps, Federal Aviation Administration, Department of Energy, numerous universities, and defence contractors such as Lockheed Martin. According to prosecutors, the pair (working largely out of Michael Edman’s house in the rural town of Richmond) bought cheap network cards from a supplier in China. They also purchased labels and boxes carrying the logo of Cisco Systems, the US-based hardware giant. Until a source in China tipped off the FBI, no one could tell that the parts were Cisco knock-offs rather than the real thing.
An attorney for the Edmans says that they, too, were victims – duped by overseas suppliers. But one thing is clear: the case is about a lot more than trademark infringement. Security experts warn that, as supply chains become more global and more opaque, no one can be sure what parts are going into the computers that run, well, everything – from air traffic control towers to banks to weapons systems. US Secretary of Homeland Security Michael Chertoff raised the issue recently at a briefing attended by Popular Mechanics and others. “Increasingly when you buy computers they have components that originate all around the world,” he said. “We need to look at how we assure that people are not embedding in very small components that can be triggered remotely.”
Software vulnerabilities and online scams receive plenty of public attention. Viruses, Trojan horses, spyware, phishing schemes that trick people into providing financial data – all have made headlines in recent years.
The emerging hardware threat is different. Imagine buying a computer, printer, monitor, router or other device in which malevolent instructions, or at least security loopholes, are etched permanently into the silicon.
Individuals, companies and government agencies could all be at risk from foreign governments or criminal enterprises. A computer chip built with a subtle error might allow an identity-theft ring to hack past the encryption used to connect customers with their banks. Flash memory hidden inside a corporation’s networked printers could save an image file of every document it printed, then send out the information. In a disturbing national-security scenario, overseas agents might be able to hard-wire instructions to bring down a Department of Defence system on a predetermined date or in response to an external trigger. In the time it took to bring the systems back online, a military assault could be under way.
When a software problem is detected, thousands or millions of computers can be fixed within hours with a software patch. Discover a malevolent hardware component, however, and machines need to be fixed one by one by one. On a large network it could take months – if the problem is detected at all.
“There are a whole bunch of functions inside each chip that you have no direct access to,” says Stephen Kent, chief information security scientist for BBN Technologies and a member of the Intelligence Science Board, which advises US intelligence agencies. “We passed the point a long time ago when you could combinatorially test all the possible inputs for a complex chip. If somebody hid a function that, given the right inputs, could cause the chip to do something surprising, it’s not clear how you could test for that.”
Such tampering wouldn’t have to occur in a factory where computer components were built. In fact, repair businesses and subcontractors may pose a greater danger. “A skilled and capable adversary could replace a chip on a circuit board with a very similar one,” says John Pironti, a security expert for information technology consulting firm Getronics. “But this chip would have malicious instructions added to the programming.” The strategy wouldn’t be practical for running a broad identity-theft operation, but it might allow spies to focus an attack on a valuable corporate or government target – gaining access to equipment, then doctoring it with hidden functions.
However, not all experts agree that the risk is severe. After all, there’s never been a report of anyone outside of the United States using such technology to steal information or commit sabotage. (The US did successfully conduct such a mission against the Soviet Union during the Cold War.)
“It’s certainly possible for the world’s major espionage services to secretly plant vulnerabilities in our microprocessors, but the threat is overblown,” says Bruce Schneier, chief technology officer of the data security company BT Counterpane.
“Why would anyone go through the effort and take the risk, when there are thousands of vulnerabilities in our computers, networks and operating systems waiting to be discovered with only a few hours’ work?”
The US National Security Agency and Defence Department aren’t convinced. There’s no way to know if they are reacting to an imminent danger or simply swinging at shadows, but security professionals are scrambling to guard their electronics supply chains.
Building chips in China
In September 2007, Intel broke ground on “Fab 68”, a silicon-wafer fabricating plant in Dalian, China. The plant is Intel’s first chip manufacturing facility in China, but the company already operates facilities for testing, as well as research and development, all over the world, from India to Costa Rica to Russia. Rival AMD is planning to build a fab in India. Several other American chipmakers, including Applied Materials and National Semiconductor, have facilities in China. In all, less than a quarter of the world’s chip-making capacity is still located within the United States.
The companies that move offshore are trying to stay competitive in commercial markets. As a side effect of globalisation, however, the US Defence Department is finding itself with fewer domestic sources of the specialised chips – often outdated – that help run weapons platforms that range from advanced aircraft to missile guidance systems. These are the electronic components that might pose the most inviting target for a foreign power.
The National Security Agency is trying to counter the threat with a programme called Trusted Foundry Access that accredits companies that supply specialised electronics to government agencies. Ten companies have joined the programme since 2004 – the inaugural deal, with IBM, cost the US government a reported R5 billion. To participate, manufacturers need to take measures such as obtaining security clearances for staff members and quarantining computer design tools from the Internet. Furthermore, “The facilities must be onshore or in a closely allied country”, says a Defence Department official involved with the programme.
One potential flaw in the programme is that it covers “just a slice of the life cycle”, says Jim Gosler, a Sandia National Laboratories researcher who has spent time probing US electronics systems to identify vulnerabilities. “You have to make sure the component stays trusted – they get out and about,” he says, once the equipment leaves the factory and goes into service.
More critically, even well-funded initiatives can’t permanently withstand the forces pushing microchip production outside the US. Ultimately, trying too hard to isolate American chip-making might simply help foreign-owned chip manufacturers challenge US dominance in the field. “It’s a pretty hairy situation to look out 10 or 15 years and have to ask, ‘Where are we going to get our technology?'” the Defence official says.
DARPA, the Defence Advanced Research Projects Agency, does have another plan. Through a new initiative called Trust in ICs (microchips are also called integrated circuits or ICs), the agency has contracted with Raytheon, MIT, Johns Hopkins University and others to find ways to protect chip
s from tampering and to detect vulnerabilities if they do occur.
Ultimately, though, chips may be too complex to secure completely. “Even if you found something, you could never be confident you found everything,” Gosler says. “That’s the awful nature of this business.”