The U.S. is vulnerable to installing imported, vulnerable computer hardware from China and elsewhere with hidden backdoors on critical infrastructure, like the power grid, water systems, hospitals, air traffic control, communications and defense-related systems. And the American people may not find out about it until it is too late and things start getting switched off.
Fortunately, President Donald Trump could do something about it by levying a heavy tariff on technology components that include such insecure backdoors or that come from regions known to produce such backdoors.
In 2016, a group of computer engineers at the Department of Electrical Engineering and Computer Science at the University of Michigan in Ann Arbor hypothesized that a single circuit, out of the millions or billions on a computer chip, could be developed to create a “backdoor” to the computer’s operating system. Called an “analog” hack, it proved that “a fabrication-time attacker can leverage analog circuits to create a hardware attack that is small (i.e., requires as little as one gate) and stealthy (i.e., requires an unlikely trigger sequence before effecting a chip’s functionality).”
Unfortunately, because chip manufacturers rely on global supply chains for fabrication and then, necessarily, on post-fabrication testing to detect problems, virtually every chip is left vulnerable, and any such modification is highly unlikely to be detected: “this type of testing leaves the door open to malicious modifications since attackers can craft attack triggers requiring a sequence of unlikely events, which will never be encountered by even the most diligent tester.”
The core of the problem identified by the engineers is “Outsourcing of chip fabrication opens up hardware to attack,” such that at any point in the fabrication process this “needle in a haystack” circuit could be introduced by a single employee without detection. The proof of concept on an OR1200 chip suggested that “Experimental results show that our attacks work, show that our attacks elude activation by a diverse set of benchmarks, and suggest that our attacks evade known defenses.” In short, the engineers proved it worked.
Militarized, it is easy to conceive that the U.S. could import the technology that will be used against it, with the power grid, potable water and even the critical nuclear offensive and defensive weapons systems potentially being able to be shut off at the flip of a switch. For years it has been speculated that such malicious circuits could be put onto computer chips by intelligence agencies, but with the University of Michigan study, it suddenly appeared quite viable.
A year later, in May 2017, the Michigan engineers’ worst fears were realized when it was publicly revealed that such an exploit had not only already been found on the Intel family of processor chips on the so-called Intel Management Engine, but had been manufactured tens of millions of times over, effectively proliferating all over the world. As described by the UK Register’s Thomas Claburn: “The firmware-level bugs allow logged-in administrators, and malicious or hijacked high-privilege processes, to run code beneath the operating system to spy on or meddle with the computer completely out of sight of other users and admins. The holes can also be exploited by network administrators, or people masquerading as admins, to remotely infect machines with spyware and invisible rootkits, potentially,” or even commandeer applications.
Security patches have since been developed by Microsoft and others to secure affected systems, and Intel developed a detection tool that can be downloaded to alert a user if their system is affected.
At least one group suggested the bug was intentional. A team of researchers at the London-based Positive Technologies on Aug. 28, 2017 published a study outlining a process that disables the Intel Management Engine. The team says it found the process by using publicly available utilities to take a peek at the code that makes the Intel chip work, finding a line of code called “High Assurance Platform (HAP) enable”. After Googling the term, the team turned up a 2009 paper from the National Security Agency Commercial Solutions Center about these so-called High Assurance Platforms that utilize commercially available technologies with “additional High Assurance Security mechanisms.” The description in the NSA paper states, “The fusion of commercial initiatives plus trusted software create a ‘High Assurance Platform’ (HAP).” Now, that in itself does not actually prove that the Intel Management Engine was compromised on behalf of intelligence agencies in accordance with being such a platform. But the team was able to engineer a process that would disable the Intel Management Engine.
Officially, the story is that the bug was actually an unintentional design flaw that was only discovered after several millions of units had already shipped and were in use. According to an official statement from Intel in August 2017, “Intel does not and will not design backdoors for access into its products. Recent reports claiming otherwise are misinformed and blatantly false. Intel does not participate in any efforts to decrease security of its technology.”
In many ways it would be better if the design “flaw” was actually an intentional backdoor, since then at least this occurred in a controlled environment with the awareness and cooperation of the manufacturer with the U.S. government to assist in national security endeavors, meaning government systems were unaffected. Unfortunately, officially, the vulnerable Intel hardware was sold everywhere, everyone bought into it and the vulnerability proliferated across the entire planet, and the manufacturer was unaware. And they might have even been installed on critical systems, including those necessary for functioning national security, if the federal government was unaware of the bug.
Or intelligence agencies could have been aware, but did not alert the manufacturer. Therefore, although outsourcing of technology plays a key role in this problem and insourcing will be a means to solving it, foreign supply chains are not the only problem that must be contended with. The case of Intel shows absolutely that not only can foreign manufacturers subversively include such analog hacks on hardware, but domestic companies could do so accidentally, and that even when the government knows about it, it might not help get it fixed.
Once fabricated and eventually exposed, suddenly tens of millions of chips are available all over the world that can be reverse engineered by hostile state and non-state actors to be exploited, replicated or improved upon. The more these types of products are sold commercially, the more likely they will be fabricated in ways that are even more surreptitious.
There are other examples. In May 2017, the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team confirmed that security cameras from Hikvision, a Chinese manufacturer of video surveillance equipment, had come with hidden backdoors installed on them. Think of that, a security camera that the manufacturer may have wanted to be compromised.
These events could be looked at as the digital equivalent of a near-miss from an asteroid. It’s not merely a possibility or even a probability, but a practical certainty that eventually these types of malicious circuits will be included with a chip operating a critical system vital to national security — and the public might be unaware that it has occurred until it is too late. Why? Because today these types of components are being outsourced and not secured at all aspects of the supply chain.
In March, Federal Communications Commission Chairman Ajit Pai announced that his agency will be voting on blocking U.S. subsidies to companies that purchase Chinese technology, pointing to the danger of hidden back doors. Pai stated, “Threats to national security posed by certain communications equipment providers are a matter of bipartisan concern. Hidden ‘back doors’ to our networks in routers, switches — and virtually any other type of telecommunications equipment — can provide an avenue for hostile governments to inject viruses, launch denial-of-service attacks, steal data, and more.”
Similarly, last month Singapore-based Broadcom was blocked from purchasing tech giant Qualcomm by President Trump, to prevent this very thing from happening. Qualcomm makes components for everything including computers, networks and smart phones.
Clearly this is a priority for the Trump administration, but more needs to be done to create a secure domestic supply chain in light of these national security concerns. Restrictions could be placed on the sale of imported devices that do not meet U.S. cybersecurity specifications, either in the form of quotas, tariffs or blocking importation altogether.
Similarly, regulations could be enacted requiring that critical systems funded by the federal government only use components made in America under the new specifications, taking the FCC’s proposal a bit further.
Diplomatic talks can be engaged to formulate an international cyber treaty that could govern the rules of the road, outlawing manufacturing backdoors.
To prevent proliferation, safeguards should be taken to ensure that such backdoors are not similarly deployed by U.S. military and intelligence agencies into commercial products for spying, since if and when they are discovered, they can be proliferated and reverse-engineered by foreign adversaries and non-state actors to undermine the very system that is supposed to be concerned with security.
What is clear is that without a proper national technology strategy, of which tariffs and other import controls could play a key role, the U.S. remains vulnerable to installing imported, vulnerable computer hardware on critical infrastructure, like the power grid, water systems, air traffic control, communications, hospitals and defense-related systems, and the American people may not be aware of it until the power grid is shut off, the water system is compromised or planes start falling out of the sky.
It is the equivalent of opening the gates and letting the Trojan Horse inside to enable the Greek soldiers to burn Troy to the ground.
What was merely speculative just a few years ago is now fully realized, with multiple examples of compromised hardware both as a proven concept and millions of sales. A single undetected malicious circuit on a chip, installed on the wrong system, could prove to be devastating to national security and even our constitutional system of government, and the Trump administration, Congress and the tech industry need to act before it is too late.
Robert Romano is the Vice President of Public Policy at Americans for Limited Government.