DARPA Looks For Backdoors, Malware In Tech Products

In the wake of concerns about Huawei and ZTE equipment security, defense research agency seeks help identifying backdoors and malicious capabilities in software and firmware.

Does commercial, off-the-shelf software or hardware contain built-in backdoors to give foreign attackers direct access to corporate or government networks, or pose some other type of information security risk? The Department of Defense wants to find out.
The Defense Advanced Research Projects Agency (DARPA) Thursday published details of its new
Vetting Commodity IT Software and Firmware
(VET) program, which the agency said is designed to find innovative, large-scale approaches to verifying the security and functionality of commodity IT devices -- those commercial information technology devices bought by DOD -- to ensure they are free of hidden backdoors and malicious functionality.
DARPAs new program seeks to overcome three current, related technical challenges associated with that task: identifying which capabilities in a device could be malicious; using that list as a checklist to assess if any given device actually is malicious; and then using that knowledge to allow a non-technical expert to test every instance of every device before it gets rolled out in a Department of Defense network.
DOD relies on millions of devices to bring network access and functionality to its users, said DARPA program manager Tim Fraser in a statement. Rigorously vetting software and firmware in each and every one of them is beyond our present capabilities, and the perception that this problem is simply unapproachable is widespread. The most significant output of the VET program will be a set of techniques, tools and demonstrations that will forever change this perception.
[ Are the Iranians out to get us? See
Frankenstory: Attack Of The Iranian Cyber Warriors
. ]
The launch of DARPAs new program comes after the U.S. House of Representatives Permanent Select Committee on Intelligence in October 2012
issued a scathing report
on Chinese telecommunications companies Huawei and ZTE, saying that they cannot be trusted to be free of foreign state influence and thus pose a security threat to the United States and to our systems. The committee strongly encouraged businesses in the United States to
look elsewhere
for their technology.
That recommendation was not made based on an inspection of either vendors firmware code, but rather by reviewing the companies
business practices
. Still, the report raised a larger and much-more-difficult question: Did the devices actually contain built-in backdoors?
Unfortunately,
answering that type of question
can be quite difficult, as it necessitates both a complete review of the code base, as well as the ability to surmise which
built-in capabilities may be put to nefarious use
. Notably, one independent security expert who closely studied two different models of Huawei routers noted that
existing bugs in the firmware
, seemingly present due to sloppy coding, would have allowed a would-be attacker to compromise the devices, irrespective of any purpose-designed backdoor functionality being present.
DARPA will host a
proposers day
December 12 in Arlington, Va., to brief anyone whos interested in participating in its new VET program.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
DARPA Looks For Backdoors, Malware In Tech Products