complex. Austin refers to the challenge as
finding the proverbial needle in a hay-
stack. The reason is fairly simple, even if
the technique he and Hicks used is not.
Security researchers have historically fo-
cused virtually all their attention on the
digital level of abstraction. “Defense tools
rely on finding ones and zeros to identify
malicious code,” says Hicks, a lecturer at
the University of Michigan. However,
“An attack doesn’t have to play by the
digital rules—and there are currently no
tools for detecting such an attack.”
As a result, Austin and Hicks fo-
cused their attention on the analog
Although researchers and security
experts have been concerned about the
possibility of a Trojan Horse or other
type of hardware attack, the danger has
remained in the theoretical realm.
In May 2016, a team of researchers
at the University of Michigan, including Todd Austin and Matthew Hicks,
presented a paper showing exactly how
to sabotage a microchip. The pair purposely built a backdoor into a chip and
presented an academic paper at the IEEE
Symposium on Privacy and Security documenting the method (it captured the conference’s Best Paper award). The security
flaw could allow a nation-state or other nefarious entity to grab and steal data. “The
vulnerability creates concern because it’s
a method that could actually be used to
do harm,” says Austin, a professor and director of the university’s Center for Future
The discovery has sent a shock wave
through the computing field. “This is
the most demonically clever computer security attack I’ve seen in years. ...
It’s an attack that can be performed
by someone who has access to the mi-
crochip fabrication facility, and it lets
them insert a nearly undetectable back-
door into the chips themselves,” wrote
Yonatan Zunger, head of infrastructure
for the Google Assistant. And while the
theoretical concept of embedding mal-
ware in hardware is not particularly
new, the project “demonstrates just
how feasible and devastating this
method can be,” says Abhi Shelat,
associate professor of computer sci-
ence at Northwestern University.
Although it is incredibly difficult to spot
security flaws in software, finding them
in hardware can be exponentially more
Are Computer Chips
the New Security Threat?
Security researchers have identified a technique for
installing a backdoor on computer chips, a security flaw
that could profoundly change the computing industry.
Technology | DOI: 10.1145/3022183 Samuel Greengard
An employee checking components at Infineon Technologies AG microchip and sensor
manufacturing facility in Germany.