
(SomeCambridgeGuy) I don't want to alarm you, but the Chinese may have been putting backdoors in all those computer chips they made for our military and critical infrastructure. At least consumer electronics are saf....*NO CARRIER* (cl.cam.ac.uk)

3921 clicks; posted to Geek on 28 May 2012 at 11:40 AM




 
ZAZ [TotalFark]
2012-05-28 09:33:12 AM  
In the early 1990s the U.S. government wanted everybody to use an NSA-spec part for encryption. This chip would deliberately leak data that the government could use to decrypt the message. The "Clipper Chip" never became law or standard. As far as we know. You have to wonder if the government was able to pressure hardware makers. While the mathematics of software encryption can't be faked, hardware sources of randomness can be biased and the RF emissions of the chip can be changed. Timing of instructions could be adjusted to leak information about the key. And so forth.
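
Added example, not part of the thread or of any vendor's code: a check for the "hardware sources of randomness can be biased" point above, using the NIST SP 800-22 monobit test and the SP 800-90B repetition count cutoff. The three bit streams are constructed samples (SHA-256 output standing in for a healthy source); the function names are made up for this illustration.

```python
import hashlib
import math

ALPHA_EXP = 20        # repetition count test false-positive rate of 2^-20
MONOBIT_ALPHA = 0.01  # significance level used by SP 800-22


def monobit_p_value(bits):
    """SP 800-22 frequency test: p-value for 'ones and zeros are balanced'."""
    s = sum(1 if b else -1 for b in bits)
    s_obs = abs(s) / math.sqrt(len(bits))
    return math.erfc(s_obs / math.sqrt(2))


def repetition_cutoff(entropy_per_sample=1.0):
    """SP 800-90B repetition count cutoff: C = 1 + ceil(-log2(alpha) / H)."""
    return 1 + math.ceil(ALPHA_EXP / entropy_per_sample)


def longest_run(bits):
    """Length of the longest run of identical consecutive bits (bits must be non-empty)."""
    best = cur = 1
    for prev, nxt in zip(bits, bits[1:]):
        cur = cur + 1 if prev == nxt else 1
        best = max(best, cur)
    return best


def assess(bits):
    """Run both checks; a source is suspect if either one fails."""
    p = monobit_p_value(bits)
    run = longest_run(bits)
    return {"monobit_p": p, "monobit_ok": p >= MONOBIT_ALPHA,
            "longest_run": run, "rct_ok": run < repetition_cutoff()}


def sha_bits(n, label=b"constructed-healthy"):
    """Constructed stand-in for a healthy source: SHA-256 in counter mode, as bits."""
    out, counter = [], 0
    while len(out) < n:
        block = hashlib.sha256(label + counter.to_bytes(4, "big")).digest()
        for byte in block:
            out.extend((byte >> i) & 1 for i in range(8))
        counter += 1
    return out[:n]


def biased_bits(n):
    """Constructed biased source: OR of two fair bits, so about 75% ones."""
    raw = sha_bits(2 * n, b"constructed-biased")
    return [raw[2 * i] | raw[2 * i + 1] for i in range(n)]


def stuck_bits(n, run=32):
    """Constructed stuck-at fault: a healthy stream with `run` identical bits spliced in."""
    bits = sha_bits(n, b"constructed-stuck")
    bits[n // 2:n // 2 + run] = [1] * run
    return bits


if __name__ == "__main__":
    for name, stream in (("healthy", sha_bits(20000)),
                         ("biased", biased_bits(20000)),
                         ("stuck", stuck_bits(20000))):
        print(name, assess(stream))
```

Passing both checks only rules out gross faults; a deliberately weakened generator can still produce balanced, run-free output.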
 
2012-05-28 11:59:56 AM  
Looks more like "Be afraid and give us money!" than anything.
 
2012-05-28 12:10:34 PM  
I was suspicious of my Lenovo that immediately after purchase insisted it be sent back to China for a part "upgrade." B/c of the nature of my work, and lots of the keywords on my internet searches, email, etc., I've just muddled through hardware failures for 2 years now. But this is something you just have to expect China would do, whether or not they really did. Oh, and if you have the means, check for it.

//Don't have a security clearance or anything, I just work for a closely aligned NGO w/zero sensitive material access, just access to high-access people. Close enough, in other words.
 
2012-05-28 12:33:56 PM  
Somehow I feel this is less of a threat than people using "1234" as their password, or putting sensitive documents on unprotected flash drives.

/Or putting them in their torrent shares folder...
 
2012-05-28 12:41:44 PM  
1234? I've got the same password on my luggage!
 
2012-05-28 12:47:42 PM  
In the 1977 comics novel Superfolks, the evil mastermind bought a plumbing empire and spent the next 20 years putting a little bit of the kryptonite-like substance in every fixture in the world.

/just sayin'
 
2012-05-28 12:49:06 PM  
What brilliant patriot outsourced this shiat to China in the first place? First they scarf up the USA's national debt, then they punk the Pentagon -- with the help of American banks and corporations.

It's past time for a public treason trial.
 
2012-05-28 01:07:43 PM  

The One True TheDavid: What brilliant patriot outsourced this shiat to China in the first place? First they scarf up the USA's national debt, then they punk the Pentagon -- with the help of American banks and corporations.

It's past time for a public treason trial.


Corporations are to blame. They are amoral, with the only goal being "make a profit". Manufacturing chips is a dirty business. US environmental regulations add a significant cost, as do the higher wages here. So naturally the corporations will seek out a location that doesn't care about that pesky environment or living wages.

Our government seriously needs to outlaw the use of Chinese made chips in all "sensitive" equipment, e.g. military and government. Not sure if anything can be done about the environmental aspect. Personally, I don't want arsenic and other fun things in my drinking water.
 
2012-05-28 01:14:31 PM  
Thabk you Bil Clinton
 
2012-05-28 01:20:21 PM  

XMark: 1234? I've got the same password on my luggage!


5. You missed 5.

/sigh.....
 
2012-05-28 01:31:54 PM  
"no carrier"?

Subby is showing his age...
 
ZAZ [TotalFark]
2012-05-28 01:40:33 PM  
OgreMagi

There are American-source rules for military hardware. I don't know details.
 
2012-05-28 01:47:20 PM  

ZAZ: OgreMagi

There are American-source rules for military hardware. I don't know details.


If Chinese chips are being used in military equipment, then the rules are flawed (or there is a lot of fraud involved).
 
2012-05-28 01:47:28 PM  
OgreMagi:

I don't want arsenic and other fun things in my drinking water.

That wouldn't bother me. Here in KY we know strychnine makes a good moonshine mixer. Praise Jesus! Hewt agarble prinklen garp!
 
2012-05-28 01:47:38 PM  
Forget about the military--what's stopping this from being the case with any consumer electronics anyone buys, for the purpose of simply stealing your bank info for Chinese or Russian crime syndicates? It's like having a bunch of unwanted IE toolbars, but in silent hardware form. I'm sure with enough effort this could be detected, but is anyone actually testing for this shiat?
 
2012-05-28 02:29:33 PM  
Most computer chips are made in America, at least Intel.
 
2012-05-28 03:01:58 PM  
Reminds me of Russel Rhodes' The Third Fury, where a former President (or was it just a general? it's been a while), an electronics manufacturer's CEO and a TV station owner teamed up to make microchips that contained an extra circuit that allowed them to be shut down remotely by a spare transponder on the TV guy's satellite. But that was years ago, the plan was abandoned, and the extra circuit was cut out of the chips, which are now used in... almost everything electronic (planes, boat navigation, military hardware, etc).

Then the Electronics firm gets bought out by a bigger, foreign owned company, and the electronics guy is cut out of the loop. He discovers the circuit has been put back into the chip, and tries to warn the others before being killed. The general is killed. The TV station that controls the satellite is facing a corporate takeover by a shadowy international group....
 
2012-05-28 03:09:02 PM  
Our "critical infrastructure" has been fabricating their own chips for quite some time.

Don't be scared people.
 
2012-05-28 03:23:18 PM  
Wait, wait, wait. Are you telling me that China is being secretly manipulative and biding their time while using underhanded tactics to compromise the world?


WHO WOULDA THUNK IT?!
 
2012-05-28 03:38:26 PM  
You deserve any consequence that happens when dealing with the Chinese. They have proven themselves to be nothing but liars, cheats and thieves. If you choose to do business with them to save a buck, then you and yours deserve whatever poison or breach of security you let into your life.
 
2012-05-28 04:20:47 PM  
We let China manufacture the electronic stuff that goes into our weapons? What the hell are we spending billions of dollars on every year? We can't afford to make all our military electronics in the USA?

It's weird that we won't let our military's firearms be manufactured outside the US for fear of being cut off in wartime yet all of the electronic gizmos can be outsourced.
 
2012-05-28 04:54:06 PM  
"Claims were made by the intelligence agencies around the world, from MI5, NSA and IARPA, that silicon chips could be infected. We developed breakthrough silicon chip scanning technology to investigate these claims. We chose an American military chip that is highly secure with sophisticated encryption standard, manufactured in China."

So, a Russian civilian (Sergei Skorobogatov) was not only able to get his hands on a "highly secure" military chip, but was able to break its encryption in order to find the backdoor installed by the Chinese. You can hear the face-palms at Langley from here.
 
2012-05-28 04:58:31 PM  
Military is one thing, but I think it's tragic that multinationals are fully willing to have all of their manufacturing in China, fully knowing that IP theft is pretty much a national mandate on the part of the Chinese government.

... but it's all ok as long as they get that mega bonus for hitting their quarterly numbers.

American short term thinking capitalism FTW.
 
2012-05-28 05:43:57 PM  

Nemo's Brother: Thabk you Bil Clinton


Certainly you meant, "Thank you, Bill Clinton."

Careful, the hive mind will lambaste you. Although he did sign NAFTA, starting the whole offshoring thing. I guess 18% (nominal) unemployment was worth paying "peasants" in Bangladesh $0.30 a day so the C-levels can have their huge bonuses, and the shareholders can get their 10% annual value increases.

Anyone who says the Democrats and Republicans are any different from each other ate lead paint chips as a child.
 
2012-05-28 05:44:41 PM  
Someone please tell me why in the fark we do ANY business with China. No one can trade with an insignificant communist country like Cuba, who is absolutely no threat to the US at all, yet we do trillions of dollars worth of business with a country that LITERALLY has nuclear missiles aimed at us and at some of our allies.

WHAT!

THE!

FARK!!!!!

Okay new rule. Starting like RIGHT FARKING NOW, no US company or entity is allowed to conduct business of any kind with China. Additionally, no Chinese-made product may be imported into the US by any company, foreign or domestic.

Yes I know what this would do, but damnit some day we have to say "enough of this shiat" and put the Chinese back in their place, else we risk being overrun by them and seeing the end of America.
 
2012-05-28 05:47:40 PM  
Mr. Potato Head! Mr. Potato Head! Back doors are NOT secrets!

/Right through Falken's Maze
 
2012-05-28 06:23:26 PM  
Much of the stuff in military airplanes is counterfeit Chinese stuff. They try to curb it, and there's even a DoD website for keeping track of known counterfeits as part of the inventory database, but it's mostly ignored.
 
2012-05-28 06:27:33 PM  
Oddly enough, a GIS for "chinese backdoor" does not show the kinds of pictures one would expect.
 
2012-05-28 06:29:56 PM  

lisarenee3505: Someone please tell me why in the fark we do ANY business with China. No one can trade with an insignificant communist country like Cuba, who is absolutely no threat to the US at all, yet we do trillions of dollars worth of business with a country that LITERALLY has nuclear missiles aimed at us and at some of our allies.

WHAT!

THE!

FARK!!!!!

Okay new rule. Starting like RIGHT FARKING NOW, no US company or entity is allowed to conduct business of any kind with China. Additionally, no Chinese-made product may be imported into the US by any company, foreign or domestic.

Yes I know what this would do, but damnit some day we have to say "enough of this shiat" and put the Chinese back in their place, else we risk being overrun by them and seeing the end of America.


I, for one, welcome our new overlords with their tasty foods.
 
2012-05-28 06:51:30 PM  

ZAZ: In the early 1990s the U.S. government wanted everybody to use an NSA-spec part for encryption. This chip would deliberately leak data that the government could use to decrypt the message. The "Clipper Chip" never became law or standard. As far as we know. You have to wonder if the government was able to pressure hardware makers. While the mathematics of software encryption can't be faked, hardware sources of randomness can be biased and the RF emissions of the chip can be changed. Timing of instructions could be adjusted to leak information about the key. And so forth.


Not at all. Well, NSA was involved in the crypto part. Clipper was to be embedded in encrypted voice phones. See, at the time, cell phones weren't the norm, and those that were around used analog transmission, and were something you could just listen to with the right scanner. So, there were a group of folks that wanted to not be listened in on during their phone conversations, that weren't proper gubmint types like me. So if you wanted to pop down to the Radio Shack and get an encrypted digital phone, the gubmint figured you were a drug dealer, businessman or fomentor of discord, because it's likely you were.

Thus did the gubmint decree that any encrypted phone made in Amurka would have encryption alrighty, but it would be a part that NSA did, so that you didn't use any encryption they didn't know about, and you had to give up your keys (the phone company did that for you) to be stored by the gubmint in what was then called "key escrow" where they promised never ever to look at them unless they had a court order. That, of course, was blarney and NSA promptly loaded them into the Machine, if you used one of these phones you were also a priority monitor, but I digress.

The bad part was that during the key exchange part of the call, the Clipper would broadcast the LEAF, a 128 bit field letting you know what keys it was, and it turned out to be crappily encoded - you could easily brute force the thing. So Clipper choked and died as a concept.

Interestingly enough, about a decade later during a death-by-slides punishment at Redstone, an NSA cryptowonk was asked "What ever happened to Clipper? We were given to believe that encrypted voice was the end of Amurka", to which he not so craftily replied "prime number factoring encryption is no longer an issue of national security", which we found to be interesting.

But no, there's no sekert Clipper chips hidden in your TV.
 
2012-05-28 07:12:50 PM  
I've been saying this since the day IBM was sold off to China. Hell, I'd do it to them, it's only logical they're that smart.

Even sci fi predicted this; David Gerrold spoke of 'smart guns' that got turned off by the enemy back in the "War Against the Ch'Torr" series, and that was from the late '80s.
 
2012-05-28 07:17:28 PM  

crab66: Looks more like "Be afraid and give us money!" than anything.


Yeah, he even says "I could discover more if only I had lots of new funding!" at the end.

What he found was that there are undocumented JTAG commands. There always are. That *could* be an issue. Not that you can get to them through some hidden address on the net - this is a JTAG thing, it's part of the internal diagnostics, and in some FPGA parts is also how you load the bit map. In a normal world, most consumer goods don't HAVE FPGAs, although some of the other parts have JTAG ports, like your CPU.

Even if you DO have JTAG ports, in a normal world, you don't hook them to accessible I/O ports, because they're nothing you could or would use during normal operation. You generally put a set of pin-probe pads down somewhere and use them to test solder connections to your FPGA or CPU in assembly, but there's not much point in sticking them somewhere accessible in I/O space.

The military had a thing for being able to access any JTAG port in an assembly for field hardware verification testing. I don't know anyone who actually complied - often when you go into JTAG test mode your chip ceases normal operations, floats all its lines and starts flailing in a manner not suitable for safety when the thing's in a missile or whatnot. Hell, if you were Chinese and could get my parts to flip into JTAG diagnostic mode at will, we've got a problem at any rate, because you can do whatever you like with the hardware's I/O. You don't need the super sekret JTAG unknown command set - you can do whatever you want right there with the published command set.

So, his sekret back door would involve having access to JTAG space, and to get there you'd have to trojan the weapon system's operating system anyway. And secret JTAG commands or no, the published ones are going to get the job done if all you want to do is make it play dead. Not to mention, if you've taken over the main CPU's software anyway to GET to JTAG space, why do you care about the FPGAs?

Where this actually IS an issue is being able to dump out unencrypted bitmaps of FPGAs. You see, if you're doing a design for the gubmint that requires some sort of secured crypto, and among those are the secret GPS keys, NSA's crypto algorithms for military comms and the like, the NSA will deliver you an FPGA binary code module with the ins and outs documented, timing and layout data and a VHDL testbench. You don't know what's in the module - it's a black box. However, if you can unlock the loaded FPGA and dump out the bitmap, you could, with enough time and coffee, reverse engineer the algorithm and/or retrieve the keys. THAT is bad.

BTW, your Intel CPU has all sorts of undocumented instructions, up to and including being able to reload the microcode on the fly. You can do whatever you'd like with that. And the microcode set is loaded initially by the BIOS, which for all YOU know could have been pranked already by the BIOS vendor or system designer. Thus do you need classified BIOS vendors who can guarantee your safety.

/stands with cape waving in the wind, protecting ur BIOSz liek a cheezburger
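
Added example, not part of the thread and not the researcher's or any vendor's tooling: how an incoming-inspection audit can list the "undocumented JTAG commands" discussed above by comparing every instruction-register opcode against the datasheet table. It runs against a constructed software model of a TAP; the opcodes, register lengths and class name are invented for the illustration, and it assumes unimplemented opcodes select the 1-bit BYPASS register as IEEE 1149.1 requires.

```python
# Constructed datasheet table: opcode -> data register length in bits.
DOCUMENTED = {
    0b0000: 8,   # EXTEST, 8-cell boundary register
    0b0001: 8,   # SAMPLE/PRELOAD
    0b0010: 32,  # IDCODE
    0b1111: 1,   # BYPASS
}

# Constructed silicon behaviour: the documented set plus two private opcodes.
SILICON = dict(DOCUMENTED)
SILICON[0b1010] = 24  # private instruction with its own 24-bit register
SILICON[0b1011] = 1   # private instruction that reuses a 1-bit register


class SimulatedTap:
    """Constructed model of one device's test access port."""

    def __init__(self, ir_len, dr_lengths):
        self.ir_len = ir_len
        self.dr_lengths = dr_lengths
        self.dr = [0]

    def load_ir(self, opcode):
        # Opcodes the silicon does not implement fall back to 1-bit BYPASS.
        length = self.dr_lengths.get(opcode, 1)
        # Capture-DR loads some pattern; BYPASS captures a single 0.
        self.dr = [i & 1 for i in range(length)]

    def clock_dr(self, tdi):
        """One Shift-DR clock: TDI enters one end, the oldest bit leaves on TDO."""
        self.dr.append(tdi)
        return self.dr.pop(0)


def measure_dr_length(tap, opcode, max_len=64):
    """Select an opcode and count how many clocks a marker bit needs to reach TDO.

    Assumes the selected register is no longer than max_len bits.
    """
    tap.load_ir(opcode)
    for _ in range(max_len):      # flush the captured pattern out with zeros
        tap.clock_dr(0)
    tap.clock_dr(1)               # marker bit goes in
    for clocks in range(1, max_len + 1):
        if tap.clock_dr(0) == 1:
            return clocks
    return None


def audit(tap, documented):
    """Return {opcode: measured length} where the part disagrees with the datasheet."""
    findings = {}
    for opcode in range(2 ** tap.ir_len):
        measured = measure_dr_length(tap, opcode)
        expected = documented.get(opcode, 1)  # undocumented should look like BYPASS
        if measured != expected:
            findings[opcode] = measured
    return findings


if __name__ == "__main__":
    for opcode, length in audit(SimulatedTap(4, SILICON), DOCUMENTED).items():
        print(f"opcode {opcode:04b}: {length}-bit register not in datasheet")
```

Opcode 1011 in the model is not reported: a private instruction behind a 1-bit register is indistinguishable from BYPASS by length alone, so a clean result from this kind of audit does not prove there are no private instructions.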
 
2012-05-28 07:24:42 PM  

Cthulhu_is_my_homeboy: Somehow I feel this is less of a threat than people using "1234" as their password, or putting sensitive documents on unprotected flash drives.

/Or putting them in their torrent shares folder...


Or making it the code to the GSA boxes in your SCIF...

The One True TheDavid: What brilliant patriot outsourced this shiat to China in the first place? First they scarf up the USA's national debt, then they punk the Pentagon -- with the help of American banks and corporations.

It's past time for a public treason trial.


You should REALLY ask - what idiot decided that it was ok to use non-USA built components in military equipment, which is where all this started.

Most of your fancy equipment depends on fabs in Taiwan. A handful of good conventional weapon strikes from mainland China on Taiwan and there ARE no more advanced semiconductors in the US. And by advanced, I mean anything more advanced than an 8 bit micro.
 
2012-05-28 07:26:10 PM  

crab66: Looks more like "Be afraid and give us money!" than anything.


Oh, I should add, there's no indication this was grafted on by the evil Chinese. The guy found undocumented JTAG commands - it's just as likely the manufacturer put them in there, most of them DO have a few secret JTAG codes to help in design testing that they just leave.
 
ZAZ [TotalFark]
2012-05-28 08:22:20 PM  
BTW, your Intel CPU has all sorts of undocumented instructions, up to and including being able to reload the microcode on the fly.

Undocumented, but more than undocumented. The meaning of the second byte of the 8086 AAD instruction was undocumented. Unpublished modern Intel CPU features are seriously protected corporate secrets.

Most of your fancy equipment depends on fabs in Taiwan. A handful of good conventional weapon strikes from mainland China on Taiwan and there ARE no more advanced semiconductors in the US. And by advanced, I mean anything more advanced than an 8 bit micro.

We're screwed without Asia, but we're not totally without CPUs. Intel, for example, has a 14 nm fab coming online in Arizona soon and several older ones still in operation.

I think, without researching, that memory will be more of a problem than CPUs if China and Taiwan blow each other up.
 
2012-05-28 09:00:35 PM  

Nemo's Brother: Thabk you Bil Clinton


And here we have another cocksucker who thinks English should be the "offishul langauge".
Infromed citizen, FTW!
 
2012-05-28 11:00:35 PM  

XMark: 1234? I've got the same password on my luggage!


Great, now my bicycle lock is essentially useless.

Good one guys.
 
2012-05-28 11:23:10 PM  

Tentacle: "no carrier"?

Subby is showing his age...


Carrier lost.

/Now I'm showing mine.
 
2012-05-29 12:28:36 AM  
Let me see. Hmm. The entire Chinese culture is built upon lying, cheating and thievery, and people are surprised? Are you a bunch of retards? I bet people are shocked to know that the Israelis and the Russians do exactly the same thing.
 
2012-05-29 04:03:30 AM  

ZAZ: I think, without researching, that memory will be more of a problem than CPUs if China and Taiwan blow each other up.


If you take out TSMC things will be very bad across the board.
 
2012-05-29 06:23:58 AM  

jso2897: Nemo's Brother: Thabk you Bil Clinton

And here we have another cocksucker who thinks English should be the "offishul langauge".
Infromed citizen, FTW!


typos look just like Spanish eh
 
2012-05-29 10:15:38 AM  

Tell Me How My Blog Tastes: //Don't have a security clearance or anything, I just work for a closely aligned NGO w/zero sensitive material access, just access to high-access people. Close enough, in other words.


Close enough to pull paranoid guesses out of your ass, without actually knowing a damn thing about the tech in question.

/ Worked for the company that makes the machines that made your CPU.
 
2012-05-29 10:22:48 AM  

ZAZ: OgreMagi

There are American-source rules for military hardware. I don't know details.


The details are pretty simple: US-sourced components must be used, except where none such exist. Which is almost always the case for chips.
 
2012-05-29 10:29:04 AM  

The One True TheDavid: What brilliant patriot outsourced this shiat to China in the first place? First they scarf up the USA's national debt, then they punk the Pentagon -- with the help of American banks and corporations.

It's past time for a public treason trial.


Whole lotta stupid in this thread.

OK, genius, I'll tell you who: NOBODY. The US hasn't been competitive in semiconductor fab for decades. The industry DIED; it wasn't outsourced.


Nemo's Brother: Thabk you Bil Clinton


It has nothing to do with NAFTA, mushmouth. Youb webcome.
 
2012-05-29 10:40:07 AM  
And finally: NOWHERE in the actual findings is China implicated.

Given the near-astronomical complexity of modern IC circuit layout, it's far, far more likely this is a "backdoor" intentionally created by the chip designer (who is hinted at in the original news release), for entirely benign purposes. (If you ranted about never buying anything from China again, ask an adult what "benign" means.)

2nd-most likely possibility: a chip designer was bribed to insert it. China could be the payee of the bribe, but that has nothing to do with China making the chips; it's like blaming the guy at the deepfryer if McDonald's ships tainted potatoes.

And, given the likelihood of #1, and ease of #2, and the difficulty of altering the design at the fab foundry... it's not even worth discussing the merits of buying Chinese. It just isn't relevant to this news release...

... which, as others have noted, is nothing more than a scaremongering advertisement for their analysis services.
 
2012-05-29 01:50:07 PM  
I work for a state government agency that always picks convenience over security. For example, one of my big projects a year ago was to encrypt every agency computer with Safeboot (now McAfee Endpoint Encryption). Every user got an account and a password with rules to follow so as to not be easily guessable.

It turned out that too many people were forgetting their passwords and getting frustrated, so I was ordered by the head of IT to create a guest account for every remote office and group where the password was the same as the username.

In other words, my hundreds of man hours and the thousands spent on software and hardware were made useless because the end users had to remember an extra password. When I pointed out to the IT director that having a location-wide username with a password that equals the username is pointless and they might as well just not have encryption, I was told "but then we wouldn't be in compliance with certain regulations."

/CSB
 
2012-05-29 07:45:56 PM  
Ceterum censeo Sina esse delendam.
 
Displayed 50 of 53 comments

