Microsemi rebuts silicon backdoor claim
Researchers aren’t talking so verification is hard
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
Microsemi, manufacturer of the ProASIC3 field-programmable gate array (FPGA) that researchers Sergei Skorobogatov and Christopher Woods claim has a highly hackable backdoor, has issued a statement (PDF) about the attack.
The statement also casts doubt on the experimental method used to detect the backdoor, as it says the company “has not been able to confirm or deny the researchers’ claims since they have not contacted Microsemi with the necessary technical details of the set-up nor given Microsemi access to their custom-designed equipment for independent verification.”
The statement also says “there is no designed feature that would enable the circumvention of the user security.”
The document goes on to say that the internal test facility the researchers cracked, by obtaining a key after secretive electronic snooping, does indeed exist but is “disabled in all shipped devices” and “can only be entered in a customer-programmed device when the customer supplies their passcode, thus preventing unauthorized access by Microsemi or anyone else.” The FPGA can also, the statement says, be configured so the internal test facility is disabled and access is not possible, with or without a passcode.
On our reading, the statement says the “backdoor” is a feature in the form of an internal test facility, not a bug. While the researchers may have been able to extract a key, their work does not therefore constitute a revelation because it accesses a known set of functions that aren't hidden from customers.
Here in El Reg’s antipodean eyrie, we’re therefore keen to know if Skorobogatov and Woods worked with a brand new FPGA, because if we take Microsemi’s word for it there’s no reason a virgin ProASIC3 would have a passkey lurking within. But we can imagine a used ProASIC3’s passkey being extracted using the researchers’ cunning methods.
How did the key get there? It’s tempting to suppose that spies got wind of the research, intercepted the FPGA before it reached the lab and inserted a key for the team to find. The resulting explosive finding of a “backdoor” means we all now worry more about China. That makes somebody happy.
We’ve no idea who’s spies would have bothered, but feel justified in floating the idea because this will almost certainly be far from the oddest theory concocted to explain the affair. ®
COMMENTS
It's not Microsemi's fault
From the response PDF, it seems that Microsemi's customers can explicitly dis-able the test feature, or leave the feature working, secured by some who-knows-how-secure-it-really-is method.
If the company incorporating the ASIC into their product chooses to trust the who-knows-how-secure-it-is method of protecting access to the test feature (e.g. leaves the test feature active, but passcode-'protected'), then the fault lies with that product-maker, and not with Microsemi.
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
