Skip to main content

Hacked Hardware Has Been Sold in the U.S.

This article was published in Scientific American’s former blog network and reflects the views of the author, not necessarily those of Scientific American


Last week, an official at the Department of Homeland Security (DHS) told a congressional panel that hardware sold in the U.S. has been compromised by foreign agents. According to a report at Fast Company:

When asked by Rep. [Jason] Chaffetz [R-UT] whether [acting deputy undersecretary of the DHS National Protection and Programs Directorate Greg] Schaffer was aware of any foreign-manufactured software or hardware components that had been purposely embedded with security risks, the DHS representative stated that “I am aware of instances where that has happened,” after some hesitation.

In other words, hardware manufactured abroad has been embedded with malicious code, a problem described last year in Scientific American by John Villasenor, a professor of electrical engineering at the University of California, Los Angeles. The design of modern integrated circuits has become so complex, says Villasenor, that malicious agents could insert unwanted instructions into the circuits at some point in the process. “Given the sheer number of people and complexity involved in a large integrated-circuit design, there is always a risk that an unauthorized outsider might gain access and corrupt the design without detection,” Villasenor writes.


On supporting science journalism

If you're enjoying this article, consider supporting our award-winning journalism by subscribing. By purchasing a subscription you are helping to ensure the future of impactful stories about the discoveries and ideas shaping our world today.


What’s at stake here? Villasenor uses the example of a cell-phone circuit that’s programmed to shut down millions of phones at a certain predetermined time. But this is an innocuous example. Villasenor writes:  

The difficulty of fixing a systemic, malicious hardware problem keeps cybersecurity experts up at night. Anything that uses a microprocessor—which is to say, just about everything electronic—is vulnerable. Integrated circuits lie at the heart of our communications systems and the world’s electricity supply. They position the flaps on modern airliners and modulate the power in your car’s antilock braking system. They are used to access bank vaults and ATMs and to run the stock market. They form the core of almost every critical system in use by our armed forces. A well-designed attack could conceivably bring commerce to a halt or immobilize critical parts of our military or government.

What can be done? Villasenor advocates for circuits that are designed to police themselves, searching for abnormal activity in their sub-units and taking protective action if any is found. This would sacrifice a bit of performance, but protect the circuit as a whole.

 

Photo courtesy Karl-Ludwig Poggemann on Flickr

Michael Moyer is the editor in charge of physics and space coverage at Scientific American. Previously he spent eight years at Popular Science magazine, where he was the articles editor. He was awarded the 2005 American Institute of Physics Science Writing Award for his article "Journey to the 10th Dimension," and has appeared on CBS, ABC, CNN, Fox and the Discovery Channel. He studied physics at the University of California at Berkeley and at Columbia University.

More by Michael Moyer