DARPA Looks For Backdoors, Malware In Tech Products

  /     /     /  
Publicated : 22/11/2024   Category : security


DARPA Looks For Backdoors, Malware In Tech Products


In the wake of concerns about Huawei and ZTE equipment security, defense research agency seeks help identifying backdoors and malicious capabilities in software and firmware.



Does commercial, off-the-shelf software or hardware contain built-in backdoors to give foreign attackers direct access to corporate or government networks, or pose some other type of information security risk? The Department of Defense wants to find out.
The Defense Advanced Research Projects Agency (DARPA) Thursday published details of its new
Vetting Commodity IT Software and Firmware
(VET) program, which the agency said is designed to find innovative, large-scale approaches to verifying the security and functionality of commodity IT devices -- those commercial information technology devices bought by DOD -- to ensure they are free of hidden backdoors and malicious functionality.
DARPAs new program seeks to overcome three current, related technical challenges associated with that task: identifying which capabilities in a device could be malicious; using that list as a checklist to assess if any given device actually is malicious; and then using that knowledge to allow a non-technical expert to test every instance of every device before it gets rolled out in a Department of Defense network.
DOD relies on millions of devices to bring network access and functionality to its users, said DARPA program manager Tim Fraser in a statement. Rigorously vetting software and firmware in each and every one of them is beyond our present capabilities, and the perception that this problem is simply unapproachable is widespread. The most significant output of the VET program will be a set of techniques, tools and demonstrations that will forever change this perception.
[ Are the Iranians out to get us? See
Frankenstory: Attack Of The Iranian Cyber Warriors
. ]
The launch of DARPAs new program comes after the U.S. House of Representatives Permanent Select Committee on Intelligence in October 2012
issued a scathing report
on Chinese telecommunications companies Huawei and ZTE, saying that they cannot be trusted to be free of foreign state influence and thus pose a security threat to the United States and to our systems. The committee strongly encouraged businesses in the United States to
look elsewhere
for their technology.
That recommendation was not made based on an inspection of either vendors firmware code, but rather by reviewing the companies
business practices
. Still, the report raised a larger and much-more-difficult question: Did the devices actually contain built-in backdoors?
Unfortunately,
answering that type of question
can be quite difficult, as it necessitates both a complete review of the code base, as well as the ability to surmise which
built-in capabilities may be put to nefarious use
. Notably, one independent security expert who closely studied two different models of Huawei routers noted that
existing bugs in the firmware
, seemingly present due to sloppy coding, would have allowed a would-be attacker to compromise the devices, irrespective of any purpose-designed backdoor functionality being present.
DARPA will host a
proposers day
December 12 in Arlington, Va., to brief anyone whos interested in participating in its new VET program.

Last News

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
DARPA Looks For Backdoors, Malware In Tech Products