"While they did find a backdoor in a popular FPGA chip, there is no evidence the Chinese put it there, or even that it was intentionally malicious."
Nor did the original article specifically allege that it was "the Chinese", or that the backdoor was malicious. It did allege that it was inserted by the manufacturer (although technically anything on the chip is inserted by the manufacturer), presumably because it differed from a public spec, but the veracity of that statement is still unknown (at least to us). But I don't think that that's enough to call it "bogus".
Agree; I feel like I've misjudged the story here, because apparently the idea that silicon is as riddled with backdoors as software is isn't a big deal; just, "is China cyberwaring us".
The technology behind this story is serious and interesting, and all anyone wants to talk about is politics.
> The technology behind this story is serious and interesting
Which is why, at the end of this article, I suddenly went "what?!" when I read:
"And researchers will not probably hunt for similar JTAG backdoors in other chips."
If there's one good thing to come of all this fearmongering, it is that chips will be subjected to more scrutiny. Hopefully someday chips are much more open, standardized, and well documented. That's a long way off, but there are many reasons to hope it might happen.
I don't know, maybe I read that sentence wrong. Maybe the author meant, "researchers will, not probably, but for sure hunt for backdoors."
They said that this chip was manufactured in China and that the manufacturer had inserted this backdoor which "could be turned into an advanced Stuxnet weapon to attack potentially millions of systems."
By implication, and by selectively leaving out information about how this attack required the use of JTAG port the article intentionally implied that it was a Chinese attack, even if it didn't lay out that claim in so many words.
Nor did the original article specifically allege that it was "the Chinese", or that the backdoor was malicious. It did allege that it was inserted by the manufacturer (although technically anything on the chip is inserted by the manufacturer), presumably because it differed from a public spec, but the veracity of that statement is still unknown (at least to us). But I don't think that that's enough to call it "bogus".