DARPA Looks For Backdoors, Malware In Tech Products
In the wake of concerns about Huawei and ZTE equipment security, defense research agency seeks help identifying backdoors and malicious capabilities in software and firmware
Does commercial, off-the-shelf software or hardware contain built-in backdoors to give foreign attackers direct access to corporate or government networks, or pose some other type of information security risk? The Department of Defense wants to find out.
The Defense Advanced Research Projects Agency (DARPA) Thursday published details of its new Vetting Commodity IT Software and Firmware (VET) program, which the agency said is designed to find "innovative, large-scale approaches to verifying the security and functionality of commodity IT devices -- those commercial information technology devices bought by DOD -- to ensure they are free of hidden backdoors and malicious functionality."
DARPA's new program seeks to overcome three current, related technical challenges associated with that task: identifying which capabilities in a device could be malicious; using that list as a checklist to assess if any given device actually is malicious; and then using that knowledge to allow a non-technical expert to test every instance of every device before it gets rolled out in a Department of Defense network....