Furthermore, the function can only be accessed on a customer-programmed device only if that customer's passcode is also supplied, the company said.

"Customers have an option to program their chosen passcode to increase the security; however, Actel/Microsemi does not tell its customers that a special fuse must be programmed in order to get the backdoor protected with both the passcode and backdoor keys," the researchers said in a on Friday.

Also, even if a customer passcode is used to protect the backdoor function, that passcode can be recovered in hours with the PEA technique, the researchers said.

Microsemi could not confirm if the key extraction attack described by the two researchers is possible, because it didn't have access to the technology and hardware setup they claim to have used, the company said.

In response, the researchers pointed out that the PEA technique is described in QVL's patent and is, therefore, publicly available.