Quelqu'un utilise des puces Actel/Microsemi ?
En avant-première du CHES 2012 en sept. à Louvain, deux chercheurs
britanniques ont publié :
Breakthrough silicon scanning discovers backdoor in military chip (DRAFT
of 05 March 2012) Breakthrough silicon scanning discovers backdoor in
military
/"As a result we were able to locate and exploit undocumented backdoor
in the Actel ProASIC3 chip positioned as industry's highest security
device. To our knowledge this is the first documented case of a backdoor
inserted in real world device with critical applications. Not only can a
poorly protected AES key be extracted from the PA3 chips in no time and
with minimal effort, but the Passkey which was believed to be
unbreakable and which was robust against DPA attacks can also be
extracted.[...]/
Breakthrough silicon scanning discovers backdoor in military ch /Those
products include, but are not limited to: Igloo, Fusion and Smartfusion.
The PA3 is heavily marketed to the military and industry and resides in
some very sensitive and critical products. From Google searches alone we
have found that the PA3 is used in military products such as /*weapons,
guidance, flight control, networking and communication*/s. In industry
it is used in /*nuclear power plants, power distribution, aerospace,
aviation, public transport and automotive products*/. /*This permits a
new and disturbing possibility of a large scale Stuxnet-type attack via
a network or the Internet on the silicon itself. */If the key is known,
commands can be embedded into a worm to scan for JTAG, then to attack
and reprogram the firmware remotely. The backdoor is close to impossible
to fix on chips already deployed because, unlike software bugs in a PC
Operating System, you cannot issue a patch to fix this. Instead one has
to replace all the hardware which could be extremely expensive. /"
Extrait de www.cl.cam.ac.uk/~sps32/*Silicon*_*scan*_*draft*.pdf
@+, Dom
Breakthrough silicon scanning discovers backdoor in military ch Le
01/08/12 14:40, Adrien Pestel a écrit :
Show must go on :
http://www.computerworld.com/s/article/9229785/Hackers_reveal_critical_vulnerabilities_in_Huawei_routers_at_Defcon
Le 31 juillet 2012 16:07, <ivan.meseg...@free.fr> a écrit :
Pour ceux et celles d'entre vous qui auraient raté la réponse coté Huawei
et ZTE
http://www.pcinpact.com/news/72806-interdiction-routeurs-chinois-zte-et-huawei-repondent-au-rapport-bocke.htm
Ivan Diego
---------------------------
Liste de diffusion du FRnOG
http://www.frnog.org/
---------------------------
Liste de diffusion du FRnOG
http://www.frnog.org/