Modernizing Authentication — What It Takes to Transform Secure Access
In response to allegations by Cambridge University researchers that its ProASIC3 chips contain backdoors, Microsemi recently published a response [PDF file] stating, "Microsemi has not been able to confirm or deny the researcher's claims since they have not contacted Microsemi with the necessary technical details of the set-up nor given Microsemi access to their custom-designed equipment for independent verification."
Regardless, the company says, "Microsemi can confirm that there is no designed feature that would enable the circumvention of the user security."
"The document goes on to say that the internal test facility the researchers cracked, by obtaining a key after secretive electronic snooping, does indeed exist but is 'disabled in all shipped devices' and 'can only be entered in a customer-programmed device when the customer supplies their passcode, thus preventing unauthorized access by Microsemi or anyone else,'" writes The Register's Simon Sharwood. "The [chip] can also, the statement says, be configured so the internal test facility is disabled and access is not possible, with or without a passcode."
"[Microsemi] explained that it has advanced countermeasures in place to safeguard its devices against exploitation, adding that customers can disable the use of any type of passcode to gain access to their device configurations, including the internal test facility," writes The Inquirer's Dave Neal.
"This is contradicted by the researchers [PDF file]," The H Security reports. "Co-author Chris Woods told The H that not only has Actel/Microsemi not documented this additional protection option, but that, 'You can't disable the backdoor, only reprogram it to something other than default and hope no one takes the time to break it again.'"
"ProASIC3 chips are integrated into systems used in many industries, including the military, for various applications," writes Computerworld's Lucian Constantin. "The chip is marketed by Microsemi as having one of the highest levels of design security on the market."