Researchers Develop Hardware-Level Backdoor In Computer Chips

Megalith

According to researchers, this kind of backdoor would work like a capacitor and be easily hidden, embedded among a chip’s countless other components. “Old techniques like visual inspection or current and temperature tracking won't have a chance of detecting such flaws.”

…code can be hidden inside a JavaScript file on a website you visit, inside a ping your computer receives via the Internet, inside a malicious software you installed yourself, or even malware that secretly infects your PC. This malicious code starts the capacitor's loading process, and after a certain threshold is reached, can direct the system into switching into a privileged execution mode. Attackers can then run code on your device, PC, tablet, or smartphone, with system-level privileges. When the attacker stops the malicious code, the capacitor loses all charge, and the backdoor automatically closes itself.
 
Well good thing all of our processors manufactured in other countries are safe from the CIA.
 
I thought China had already done this with some of the military grade chips that were illegally procured from China. Back doors that could disable minor things like radar systems in fighter jets if we were engaging Chinese forces. Here's a 2012 story about it.
 
"I thought China had already done this with some of the military grade chips that were illegally procured from China. Back doors that could disable minor things like radar systems in fighter jets if we were engaging Chinese forces."



Do you actually verify something before posting it, or at least read the comments?
 
I thought China had already done this with some of the military grade chips that were illegally procured from China. Back doors that could disable minor things like radar systems in fighter jets if we were engaging Chinese forces. Here's a 2012 story about it.
If we're sourcing parts from a non-ally we are not a moral people and we deserve to lose. The only problem I have with it is young military will bear the brunt and not the people who have sold us out.
 
During the cold war we knew Russia was stealing our trade secrets and using them for themselves. One such trade secret was a pressure control unit for pipelines. Well in a declassified document the NSA knew about this and set it out as a honey pot for the Russians to grab. And they installed it. By the time they realized there was a severe critical flaw in the design which could make it easy to sabotage, it was too late. Way too much money and time was spent and it couldn't be fixed easily. It was one of the things that brought the Soviet Union to their knees and forced them to come to the negotiating table with Reagan.

Reliance on any military components that aren't passive (ie: IC's, logic gates, voltage and current regs, etc) is just insanity. I'm not so much worried about things like nuclear plants as there are plenty of manual procedures and override valves (Provided the pumps still work) to force a cold shutdown. And every country knows of the terrible fallout of a nuclear plant affects everyone.

However distribution centers are a key risk and word is these have been probed and possibly compromised. A simple altering of the sync signal by >1/600th a second could blow out entire sub stations. A large scale failure would make the Great Depression look like a holiday as it would take years to manufacture everything needed to make new distribution nodes....YEARS without electricity for the vast vast majority of the United States...think about that for a second. Idiots in New York went dumpster diving after 5 days from Hurricane Sandy.

When it comes to national security I still think old non-connected tech is some of the best tech.
 
A large scale failure would make the Great Depression look like a holiday as it would take years to manufacture everything needed to make new distribution nodes....YEARS without electricity for the vast vast majority of the United States...think about that for a second. Idiots in New York went dumpster diving after 5 days...

You just made investing in solar panels seem a lot more important to me. I could get some hot bitches just for having lights on at night and hot water. Might have to add a garden too as that whole vegan/vegetarian craze is going on lately.
 
Five researchers from the University of Michigan have published a research paper in which they provide the technical concept of a hidden backdoor introduced not in software, but at the hardware level, where it is difficult to detect.

Read more: Researchers Develop Hardware-Level Backdoor in Computer Chips

Well, just reading the opening paragraphs I am thinking "woo hoooo", someone has been doing too much ganja while on the keyboard.

Sending commands to a capacitor? Am I that far behind the power curve that I missed something like "smart" capacitors? WTF over?

What I am thinking is that just maybe this technical concept is like many other concepts that never actually make it. Maybe it's just the choice of an example that is throwing me off.
 
Well, just reading the opening paragraphs I am thinking "woo hoooo", someone has been doing too much ganja while on the keyboard.

Sending commands to a capacitor? Am I that far behind the power curve that I missed something like "smart" capacitors? WTF over?

What I am thinking is that just maybe this technical concept is like many other concepts that never actually make it. Maybe it's just the choice of an example that is throwing me off.
Doesn't seem any less likely than this thing.
 
Well, just reading the opening paragraphs I am thinking "woo hoooo", someone has been doing too much ganja while on the keyboard.

Sending commands to a capacitor? Am I that far behind the power curve that I missed something like "smart" capacitors? WTF over?

What I am thinking is that just maybe this technical concept is like many other concepts that never actually make it. Maybe it's just the choice of an example that is throwing me off.

Never heard of a time delay circuit using a capacitor?

A 1/0/1/0/1/0 sequence wouldn't trigger it. Not enough time to build up power between drain events. 1/1/1/1/1/1 would induce a trigger as the capacitor has time to charge and the excess spill over energy bleeds over to the booby trap circuit.
 
Never heard of a time delay circuit using a capacitor?

A 1/0/1/0/1/0 sequence wouldn't trigger it. Not enough time to build up power between drain events. 1/1/1/1/1/1 would induce a trigger as the capacitor has time to charge and the excess spill over energy bleeds over to the booby trap circuit.

No, this is not my area of expertise but it seems you are and are not thrown by the article so I defer :notworthy:
 
No, this is not my area of expertise but it seems you are and are not thrown by the article so I defer :notworthy:

I'd say the author doesn't understand the concept very well either. DigitalGriffin's explanation is much more clear than the parts you are referring to in the article. At least the author provided the source whitepaper directly in the article.

Edit: Wired picked up the story also.
This ‘Demonically Clever’ Backdoor Hides In a Tiny Slice of a Computer Chip
 
No, this is not my area of expertise but it seems you are and are not thrown by the article so I defer :notworthy:

When a capacitor is drained (empty) it acts very much like a ground. All the energy gets shunted to the cap. But as it fills up, slowly more and more voltage/current go to the rest of the circuit. If that circuit includes a zener diode, it breaks down and starts conducting electricity. So the circuit remains passive until the zener breaks down. This is why hot spotting and normal circuit detection method analysis would have a hard time spotting these things because the booby trap circuit is always powered down.

Now let's say it's a binary input with a CRC checksum on the end. A 1 would charge the capacitor, and a 0 drain it. If it charges for a long enough time then boom, the zener breaks down and the booby trap is activated. It could be impossible to detect because you might have a CRC attached to the binary stream. With a CRC it's near impossible to make a perfect stream of 1's. But if you created a malformed packet with an intentionally bad CRC (which is something no one in testing would really pay much attention to....) Boom! Booby trap sprung.
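
The charge/drain behaviour described in the two posts above (the 1/0/1/0 versus 1/1/1/1 comparison and the zener threshold), as an added example that is not part of the original posts or the research paper: a toy leaky-integrator model in Python that also measures how rarely random functional test vectors reach the threshold. The charge fraction, drain fraction and threshold are assumed values chosen for illustration.

```python
# Toy discrete-time model of the capacitor trigger described in the posts above.
# Every constant is constructed for illustration, not taken from the paper or a real chip.
import random

CHARGE_FRACTION = 0.20  # assumed: a 1 bit closes 20% of the gap to the supply rail
DRAIN_FRACTION = 0.50   # assumed: a 0 bit bleeds off half of the stored charge
THRESHOLD = 0.90        # assumed: normalised voltage at which the zener conducts


def step(v, bit):
    """Advance the normalised capacitor voltage (0.0 to 1.0) by one bit time."""
    if bit:
        return v + CHARGE_FRACTION * (1.0 - v)  # RC-style charging toward the rail
    return v * (1.0 - DRAIN_FRACTION)           # discharge toward ground


def first_trigger(bits):
    """Return the index of the bit that crosses THRESHOLD, or None if none does."""
    v = 0.0
    for i, bit in enumerate(bits):
        v = step(v, bit)
        if v >= THRESHOLD:
            return i
    return None


def min_run_of_ones():
    """Consecutive 1 bits needed to trigger, starting from an empty capacitor."""
    v, n = 0.0, 0
    while v < THRESHOLD:
        v, n = step(v, 1), n + 1
    return n


def random_test_hit_rate(trials, length, seed=0):
    """Fraction of random test vectors of `length` bits that trip the trigger."""
    rng = random.Random(seed)
    hits = sum(
        first_trigger([rng.getrandbits(1) for _ in range(length)]) is not None
        for _ in range(trials)
    )
    return hits / trials


if __name__ == "__main__":
    print("alternating 1/0 x50:", first_trigger([1, 0] * 50))
    print("all ones x16:       ", first_trigger([1] * 16))
    print("min run of ones:    ", min_run_of_ones())
    print("random 64-bit hit rate:", random_test_hit_rate(2000, 64))
```

With these assumed constants the alternating stream settles far below the threshold, while a sustained run of ones crosses it; the low hit rate for random vectors is the test-coverage gap the post points at.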
 
But the title bothers me, why call it a backdoor and suggest manufacturers could implement it?

A backdoor is for unauthorized access, you can't have an "authorized backdoor" because then it's not a backdoor, it's just an access method. Why would a manufacturer create an unauthorized means of access unless you are also saying illegal means of access?
 