"Unhackable" MORPHEUS Chip Passes Its First Public Test, DARPA's FETT Bug Bounty, Unhacked

The University of Michigan's MORPHEUS chip, the testbed for a new approach to creating a computing device its creators claim is "unhackable," has completed its first real world test: passing a DARPA bug bounty challenge unscathed.

Publicly unveiled two years ago, MORPHEUS is an implementation of a security approach combining encryption with what its creators have dubbed "churning:" Randomly shuffling code and data 20 times every second, making it incredibly difficult for an attacker to pinpoint where data is located in order to exploit vulnerabilities into exposing private data or executing arbitrary code.

"Imagine trying to solve a Rubik’s Cube that rearranges itself every time you blink," Professor Todd Austin explains of the concept of churning and how it assists in creating an "unhackable" system. "That's what hackers are up against with MORPHEUS. It makes the computer an unsolvable puzzle."

“Today’s approach of eliminating security bugs one by one is a losing game. Developers are constantly writing code, and as long as there is new code, there will be new bugs and security vulnerabilities. With MORPHEUS, even if a hacker finds a bug, the information needed to exploit it vanishes within milliseconds. It’s perhaps the closest thing to a future-proof secure system."

Claiming something is "unhackable" and it actually being unhackable are, of course, two very different things — the Titanic was famously promoted as unsinkable, after all. Entering a RISC-V-based MORPHEUS implementation into the DARPA Finding Exploits to Thwart Tampering (FETT) bug bounty challenge, then, was a make-or-break moment for Todd and his team — and one the chip appears to have passed with flying colours, with no vulnerabilities found during the challenge.

"I'm excited to see how MORPHEUS evolves now that it has proven itself in FETT, and as security becomes a more and more pressing challenge in the tech world," says Austin. "We are adapting the technology to protect the most sensitive data in the cloud, including medical and genomic data, biometrics and financial credentials."

Details of the MORPHEUS architecture are available in the original paper from 2019, published under open access terms in the Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS '19). Its creators, meanwhile, are continuing to develop the system through a spin-off company dubbed Agita Labs.