Incident: Discovery of Back Door Vulnerability in Actel Chip Used in Military Systems

Published Date: 2012-05-29

Postmortem Analysis

Timeline:
1. The software failure incident of the "back door" discovered in a computer chip used in military systems and aircraft such as the Boeing 787 happened around May 2012 as per the article published on May 29, 2012 [11892].

System:
1. Actel ProASIC3 chip [11892]

Responsible Organization:
1. Actel, the US manufacturer of the ProASIC3 chip, may have been responsible for causing the software failure incident by potentially inserting a back door into the chip design [11892].

Impacted Organization:
1. Military systems and aircraft such as the Boeing 787
2. Sensitive installations
3. Computer systems in Iran, Syria, and Saudi Arabia
4. Medical, automotive, communications, and consumer products
5. Remote surveillance systems
6. Drones
7. Flight-critical applications on the Boeing 787 Dreamliner
8. Actel, the US manufacturer of the chip [11892]

Software Causes:
1. The software cause of the failure incident was the presence of a "back door" in a computer chip used in military systems and aircraft, such as the Boeing 787, which could allow the chip to be taken over via the internet [11892].

Non-software Causes:
1. Hardware back door discovered in a computer chip used in military systems and aircraft like the Boeing 787, allowing unauthorized access [11892].

Impacts:
1. The software failure incident involving the discovery of a "back door" in a computer chip used in military systems and aircraft like the Boeing 787 could allow the chip to be taken over via the internet, potentially compromising security and control of these critical systems [11892].

Preventions:
1. Implementing rigorous security testing during the chip design phase to identify and address any potential vulnerabilities [11892].
2. Conducting regular security audits and assessments on the chip to detect any unauthorized access points or back doors [11892].
3. Ensuring transparency and collaboration between chip manufacturers, government agencies, and security researchers to promptly address any identified security risks [11892].

Fixes:
1. The software failure incident involving the "back door" in the Actel chip used in military systems and aircraft like the Boeing 787 could potentially be fixed by replacing the hardware, which means replacing the affected chips [11892].

References:
1. Sergei Skorobogatov of Cambridge University and Chris Woods of Quo Vadis Labs
2. Rik Ferguson, director of security research at Trend Micro
3. Actel (manufacturer of the ProASIC3 chip)
4. Government agencies (response to the hack information)
5. Online security company Trend Micro [11892]

Software Taxonomy of Faults

| Category | Option | Rationale |
|---|---|---|
| Recurring | multiple_organization | (a) The software failure incident related to the discovery of a "back door" in a computer chip used in military systems and aircraft, specifically the Actel ProASIC3 chip, could potentially impact various industries and applications. The chip is used in medical, automotive, communications, consumer products, as well as military applications such as remote surveillance systems, drones, and flight-critical applications on the Boeing 787 Dreamliner [11892]. (b) The potential security vulnerability discovered in the Actel ProASIC3 chip, which could allow unauthorized access and control of the chip, raises concerns about the broader implications for cybersecurity across different sectors. The incident highlights the risks associated with hardware-based back doors and the challenges in mitigating such vulnerabilities, especially when they are inherent in the design of the silicon chip [11892]. |
| Phase (Design/Operation) | design | (a) The software failure incident in the article is related to the design phase. The back door discovered in the Actel ProASIC3 chip was described as an additional undocumented feature deliberately inserted into the device for extra functionality. This back door was inherent in the design of the silicon chip, making it impossible to remove because it is part of how the chip reacts to certain inputs. The presence of this back door compromised the high level of security in the chip, exposing it to various attacks [11892]. (b) The software failure incident in the article is not related to the operation phase or misuse of the system. |
| Boundary (Internal/External) | within_system | (a) within_system: The software failure incident described in the article is within the system. The back door discovered in the computer chip made by Actel was an additional undocumented feature deliberately inserted into the device for extra functionality. This back door allowed an attacker to disable security on the chip, reprogram cryptographic and access keys, or permanently damage the device [11892]. The presence of this back door within the design of the silicon chip itself compromised the high level of security in the chip, making it exposed to various attacks originating from within the system. |
| Nature (Human/Non-human) | non-human_actions, human_actions | (a) The software failure incident in this case is related to non-human_actions, specifically the discovery of a "back door" in a computer chip used in military systems and aircraft like the Boeing 787. This back door could allow the chip to be taken over via the internet, potentially leading to disabling security, reprogramming cryptographic keys, and causing permanent damage to the device [11892]. (b) The potential insertion of the back door into the chip, whether by Actel itself or through the design stage, could be considered a human_action contributing to the software failure incident. The presence of this back door, intentionally or unintentionally introduced, poses serious risks by compromising the high level of security in the chip and making it vulnerable to various attacks [11892]. |
| Dimension (Hardware/Software) | hardware | (a) The software failure incident in the article is related to hardware. The incident involves a "back door" discovered in a computer chip used in military systems and aircraft like the Boeing 787. This back door could allow the chip to be taken over via the internet, potentially compromising security and allowing unauthorized access and control of the chip [11892]. (b) The software failure incident is not directly related to contributing factors originating in software. |
| Objective (Malicious/Non-malicious) | malicious | (a) The software failure incident described in the article is malicious in nature. The incident involves the discovery of a "back door" in a computer chip used in military systems and aircraft, which could allow the chip to be taken over via the internet. The back door could enable an attacker to disable security on the chip, reprogram cryptographic and access keys, or permanently damage the device. The presence of this back door raises concerns about the risks of cyber-attacks on sensitive installations [11892]. |
| Intent (Poor/Accidental Decisions) | poor_decisions | (a) The intent of the software failure incident: The incident described in the article is related to poor_decisions. The back door discovered in the Actel chip was deliberately inserted into the device for extra functionality, allowing unauthorized access and compromising the security of the chip. This back door may have been intentionally designed by Actel, as there are traces of its existence in the system files of Actel development software. The presence of this back door undermines the high level of security in the chip, making it exposed to various attacks [11892]. |
| Capability (Incompetence/Accidental) | development_incompetence, unknown | (a) The software failure incident related to development incompetence is evident in the discovery of a "back door" in a computer chip used in military systems and aircraft like the Boeing 787. The back door could allow a hacker to disable all security on the chip, reprogram cryptographic and access keys, or permanently damage the device [11892]. This back door may have been deliberately inserted into the chip's design by Actel, the US manufacturer, as an undocumented feature for extra functionality, potentially compromising the high level of security in the chip [11892]. (b) The software failure incident related to accidental factors is not explicitly mentioned in the provided article. |
| Duration | permanent | The software failure incident described in the article is more aligned with a permanent failure [11892]. The back door discovered in the computer chip made by Actel allows an attacker to disable all security on the chip, reprogram cryptographic and access keys, or permanently damage the device. This back door is inherent in the design of the silicon chip and cannot be removed, as it is part of how the chip reacts to certain inputs. The presence of this back door undermines the high level of security in the chip, making it exposed to various attacks. Additionally, the back door was suggested to have been deliberately inserted into the device for extra functionality, indicating a permanent flaw in the chip's design. |
| Behaviour | other | (a) crash: The software failure incident described in the article is not related to a crash where the system loses state and does not perform any of its intended functions. Instead, the focus is on a security vulnerability in a computer chip that could be exploited by hackers to take over the chip and compromise its security [11892]. (b) omission: The incident does not involve a failure due to the system omitting to perform its intended functions at an instance(s). It is more about a potential security vulnerability or back door in the chip that could allow unauthorized access and control [11892]. (c) timing: The issue discussed in the article is not about the system performing its intended functions too late or too early. It is primarily focused on the security implications of a potential back door in the chip that could be exploited by hackers [11892]. (d) value: The software failure incident is not related to the system performing its intended functions incorrectly. Instead, it revolves around the discovery of a method that could allow a hacker to disable security features, reprogram keys, and potentially damage the device [11892]. (e) byzantine: The incident does not involve the system behaving erroneously with inconsistent responses and interactions, which would align with a byzantine failure. The focus is on the security implications of a potential back door in the chip that could compromise its security [11892]. (f) other: The behavior of the software failure incident described in the article can be categorized as a security vulnerability related to the potential presence of a back door in a computer chip used in military systems and aircraft. This back door could allow unauthorized access, disable security features, reprogram keys, and potentially damage the device, raising concerns about cyber-attacks and security risks [11892]. |

IoT System Layer

| Layer | Option | Rationale |
|---|---|---|
| Perception | sensor, processing_unit, network_communication, embedded_software | (a) sensor: The software failure incident reported in the article is related to a "back door" discovered in a computer chip used in military systems and aircraft like the Boeing 787. This back door could allow the chip to be taken over via the internet, indicating a vulnerability in the sensor or input mechanism of the chip [11892]. (b) actuator: The article does not specifically mention any failure related to an actuator error. (c) processing_unit: The failure described in the article is linked to a method that a hacker can use to connect to the internals of a chip made by Actel, a US manufacturer. This indicates a vulnerability in the processing unit of the chip [11892]. (d) network_communication: The incident involves the discovery of a back door that could allow unauthorized access to the chip over the internet, suggesting a failure in network communication security [11892]. (e) embedded_software: The back door discovered in the chip is inherent in the design of the silicon chip, indicating a vulnerability in the embedded software of the chip [11892]. |
| Communication | unknown | The software failure incident described in the article does not directly relate to a failure at the communication layer of the cyber-physical system. Instead, the incident involves the discovery of a "back door" in a computer chip used in military systems and aircraft, which could allow unauthorized access and control of the chip [11892]. This issue pertains more to a security vulnerability within the hardware design of the chip rather than a failure at the communication layer of a cyber-physical system. |
| Application | FALSE | The software failure incident described in the article [11892] is not related to the application layer of the cyber-physical system. Instead, it involves a "back door" discovered in a computer chip used in military systems and aircraft, allowing unauthorized access and control of the chip. This issue is more related to a hardware vulnerability rather than a failure at the application layer caused by bugs, operating system errors, unhandled exceptions, or incorrect usage. |

Other Details

| Category | Option | Rationale |
|---|---|---|
| Consequence | non-human, theoretical_consequence | (a) unknown (b) unknown (c) unknown (d) unknown (e) unknown (f) The software failure incident impacted non-human entities, specifically the computer chips used in military systems and aircraft such as the Boeing 787 [11892]. (g) unknown (h) Theoretical consequences of the software failure were discussed, including the risks of cyber-attacks on sensitive installations, potential damage to the chip, compromise of security, and exposure to various attacks [11892]. (i) unknown |
| Domain | manufacturing | (a) The failed system was intended to support the manufacturing industry as the article mentions that the Actel ProASIC3 chip, which contained the back door vulnerability, is used in various products including medical, automotive, communications, consumer products, as well as military applications like remote surveillance systems, drones, and flight-critical applications on the Boeing 787 Dreamliner [11892]. |
