Scientists find security risk in RISC-V open-source chip architecture that China hopes can help sidestep US sanctions

The flaw allows attackers to bypass the security protections of modern processors and operating systems without administrative rights, leading to the potential theft of protected sensitive information and breaches of personal privacy.


The vulnerability was confirmed by the team of Professor Hu Wei at Northwestern Polytechnical University (NPU), a major defence research institute in Shaanxi province. The researchers are experienced in hardware design security, vulnerability detection and cryptographic application safety.

It was first reported by the National Computer Network Emergency Response Technical Team/Coordination Centre of China (CNCERT) on April 24, and NPU gave further details in an official announcement on May 24.

To make CPUs run faster, they must have a suitable “translator” to communicate between software and hardware. US multinational tech companies Intel and AMD adopt complex translators that combine instructions so their CPUs deal with fewer instructions. RISC-V processors tend to use translators that break instructions up so that every operation runs faster.

The two routes lead to Reduced Instruction Set Computer (RISC) CPU and Complex Instruction Set Computer (CISC) CPU. In an analogy comparing them, imagine RISC-V processors giving step-by-step instructions for eating – such as pick up food, open your mouth, chew and swallow – compared with Intel processors that would issue a single command: eat.

The processors have gained attention for their openness, simplicity, modularity and scalability, having rapidly evolved since RISC-I was designed in 1980 and RISC-V was developed in 2010, both by David Patterson, a professor at the University of California, Berkeley.

The vulnerability was recently revealed in the RISC-V SonicBOOM open-source code, which was also developed with the involvement of Patterson’s team.

RISC-V is seen as an opportunity to help accelerate China’s path to semiconductor independence via a proliferation of domestic RISC-V-based processor cores and chip products.

US lawmakers are reportedly considering sanctions to restrict China’s access to RISC-V technology because of concerns over rapid technology transfer and the Chinese industry’s adoption of the architecture.

The move could affect global tech firms, especially those with a significant consumer base in China. More importantly, it follows a history of tech sanctions that have spurred affected nations to find alternative solutions.

“By the end of 2022, about 50 different models of domestically produced RISC-V chips were in mass production in China, used primarily in embedded applications, such as industrial controls, power management, wireless connectivity, storage control and the Internet of Things,” according to the announcement by NPU.

“Recent developments suggest an expansion of RISC-V into more demanding applications like industrial control, autonomous driving, artificial intelligence, telecommunications and data centres.”

Silicon Valley chip specialist Jim Keller, a microprocessor engineer who has worked for AMD, Apple and Intel, highlighted the limitless potential of RISC-V during a speech in March, noting its prospective role in powering unprecedented AI software applications.

CNCERT said RISC-V applications spanned stand-alone chips and integrated processor cores in large system-on-chip designs, with SonicBOOM playing a foundational role in many commercial RISC-V processor developments in China. This security risk requires vigilance from all manufacturers and stakeholders, CNCERT said.

The breakthrough is part of China’s national key R&D programme in processor hardware security. Initiated in 2021, the programme focused on the research and detection of hardware vulnerabilities and was carried out by CNCERT, Tsinghua University, NPU and the Institute of Microelectronics of the Chinese Academy of Sciences.

“Processor-related vulnerability mining is very challenging. The number of processor vulnerabilities included in global vulnerability libraries is far less than that of software and firmware vulnerabilities,” the NPU website said.


The effort underscores NPU’s role as a pioneer in China’s information security education and research, and its alignment with China’s national strategic needs, according to CNCERT’s report.

The university’s “information confrontation” undergraduate programme was established in 2000 and was renamed “information security” in 2009. In 2011, a National Institute of Confidentiality was established, adding “secrecy” to the curriculum. In 2018, NPU established the School of Cybersecurity.

“At present, NPU has formed distinctive disciplines such as system software and hardware security, cyberspace cognitive security and confrontation, uncrewed system security, industrial control and Internet of Things security,” the NPU website said.