TSMC today provided an update on the Company’s computer virus outbreak on the evening of August 3, which affected a number of computer systems and fab tools in Taiwan. The degree of infection varied by fab. TSMC contained the problem and found a solution. As of 14:00 Taiwan time, about 80% of the company’s impacted tools have been recovered, and the Company expects full recovery on August 6.
Taiwan Semiconductor Manufacturing Company Limited
Ambuj Kumar, CEO and co-founder of Fortanix
“The security compromise at TSMC is extremely disturbing for chipmakers because this has potential for the intellectual properties of the chipmakers to fall into wrong hands. When chipmakers supply the mask data needed to fabricate chips to TSMC, the data is result of often years or decades of R&D. Chipmakers such as Apple, NVIDIA, and Qualcomm go to extreme length to guard their trade secrets and upcoming product features and prevent manufacturing of counterfeit devices. All of that is at risk if fabrication factories such as TSMC are compromised.
At the same time, TSMC is certainly not alone to have its infrastructure compromised. Chipmakers may consider solutions such as hardware security modules to maintain the privacy of their IP even when infrastructure is compromised.
It’s not clear how such a virus would spread to production environment in multiple fab. Although TSMC has not yet reported breach of data confidentiality, extreme precaution must be taken to contain this and any future compromise because more than half of all electronics in the world are manufactured by TSMC.”
The question remains whether this was a stock virus or a sophisticated targeted industrial attack such as Stuxnet that damaged Iranian nuclear facilities.