July 11, 2011

Google Logo Add Us On GoogleAdd SciAm

Hacked Hardware Has Been Sold in the U.S.

By Michael Moyer

Join Our Community of Science Lovers!

This article was published in Scientific American’s former blog network and reflects the views of the author, not necessarily those of Scientific American

Last week, an official at the Department of Homeland Security (DHS) told a congressional panel that hardware sold in the U.S. has been compromised by foreign agents. According to a report at Fast Company:

When asked by Rep. [Jason] Chaffetz [R-UT] whether [acting deputy undersecretary of the DHS National Protection and Programs Directorate Greg] Schaffer was aware of any foreign-manufactured software or hardware components that had been purposely embedded with security risks, the DHS representative stated that “I am aware of instances where that has happened,” after some hesitation.

In other words, hardware manufactured abroad has been embedded with malicious code, a problem described last year in Scientific American by John Villasenor, a professor of electrical engineering at the University of California, Los Angeles. The design of modern integrated circuits has become so complex, says Villasenor, that malicious agents could insert unwanted instructions into the circuits at some point in the process. “Given the sheer number of people and complexity involved in a large integrated-circuit design, there is always a risk that an unauthorized outsider might gain access and corrupt the design without detection,” Villasenor writes.

On supporting science journalism

If you're enjoying this article, consider supporting our award-winning journalism by subscribing. By purchasing a subscription you are helping to ensure the future of impactful stories about the discoveries and ideas shaping our world today.

What’s at stake here? Villasenor uses the example of a cell-phone circuit that’s programmed to shut down millions of phones at a certain predetermined time. But this is an innocuous example. Villasenor writes:  

The difficulty of fixing a systemic, malicious hardware problem keeps cybersecurity experts up at night. Anything that uses a microprocessor—which is to say, just about everything electronic—is vulnerable. Integrated circuits lie at the heart of our communications systems and the world’s electricity supply. They position the flaps on modern airliners and modulate the power in your car’s antilock braking system. They are used to access bank vaults and ATMs and to run the stock market. They form the core of almost every critical system in use by our armed forces. A well-designed attack could conceivably bring commerce to a halt or immobilize critical parts of our military or government.

What can be done? Villasenor advocates for circuits that are designed to police themselves, searching for abnormal activity in their sub-units and taking protective action if any is found. This would sacrifice a bit of performance, but protect the circuit as a whole.

 

Photo courtesy Karl-Ludwig Poggemann on Flickr

Michael Moyer is the editor in charge of physics and space coverage at Scientific American. Previously he spent eight years at Popular Science magazine, where he was the articles editor. He was awarded the 2005 American Institute of Physics Science Writing Award for his article "Journey to the 10th Dimension," and has appeared on CBS, ABC, CNN, Fox and the Discovery Channel. He studied physics at the University of California at Berkeley and at Columbia University.

More by Michael Moyer

It’s Time to Stand Up for Science

If you enjoyed this article, I’d like to ask for your support. Scientific American has served as an advocate for science and industry for 180 years, and right now may be the most critical moment in that two-century history.

I’ve been a Scientific American subscriber since I was 12 years old, and it helped shape the way I look at the world. SciAm always educates and delights me, and inspires a sense of awe for our vast, beautiful universe. I hope it does that for you, too.

If you subscribe to Scientific American, you help ensure that our coverage is centered on meaningful research and discovery; that we have the resources to report on the decisions that threaten labs across the U.S.; and that we support both budding and working scientists at a time when the value of science itself too often goes unrecognized.

In return, you get essential news, captivating podcasts, brilliant infographics, can't-miss newsletters, must-watch videos, challenging games, and the science world's best writing and reporting. You can even gift someone a subscription.

There has never been a more important time for us to stand up and show why science matters. I hope you’ll support us in that mission.

Thank you,

David M. Ewalt, Editor in Chief, Scientific American

Subscribe