Five researchers from the University of Michigan have published a research paper describing the technical concept of a hidden backdoor introduced not in software but at the hardware level, where it is difficult to detect.
The scientists describe their backdoor as a rogue component hidden in the chip's thousands of similar components. Most of these are transistors and work as on/off switches, "on" being a binary 1, and "off" being a binary 0, the basic code for all digital devices.
Instead of turning on or off like a transistor, the rogue component would work as a capacitor, storing energy with every new command it receives.
An attacker's malicious code starts the capacitor's charging process, and after a certain threshold is reached, the capacitor can direct the system into switching into a privileged execution mode.
Attackers can then run code on your device, PC, tablet, or smartphone, with system-level privileges. When the attacker stops the malicious code, the capacitor loses all charge, and the backdoor automatically closes itself.
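The charge-and-leak behaviour described above can be modelled as a leaky accumulator, which also shows why a trigger of this kind stays silent under ordinary test workloads. The Python model below is an added illustration, not code from the paper or the researchers; every constant, function name and the 5% test workload is a constructed assumption.

```python
import random

# Constructed values for illustration only; none are taken from the paper.
CHARGE_PER_EVENT = 1.0  # charge added each time the triggering command runs
LEAK_FACTOR = 0.98      # fraction of the charge that survives one cycle
THRESHOLD = 20.0        # charge level at which privileged mode is asserted


def simulate(events):
    """Return a list of (charge, privileged) pairs, one per cycle.

    `events` is a sequence of booleans: True when the triggering command
    executes in that cycle, False otherwise.
    """
    charge = 0.0
    trace = []
    for is_trigger in events:
        charge *= LEAK_FACTOR          # the capacitor leaks every cycle
        if is_trigger:
            charge += CHARGE_PER_EVENT
        trace.append((charge, charge >= THRESHOLD))
    return trace


def first_fired(events):
    """Index of the first cycle in privileged mode, or None if never."""
    for i, (_, privileged) in enumerate(simulate(events)):
        if privileged:
            return i
    return None


def random_test_workload(cycles, trigger_rate, seed):
    """Constructed stand-in for post-fabrication testing: the triggering
    command shows up only occasionally among other commands."""
    rng = random.Random(seed)
    return [rng.random() < trigger_rate for _ in range(cycles)]


def sustained_then_idle(burst, idle):
    """The triggering command back to back, then nothing."""
    return [True] * burst + [False] * idle


if __name__ == "__main__":
    test_run = random_test_workload(100_000, 0.05, seed=1)
    print("fired during random testing:", first_fired(test_run) is not None)
    trace = simulate(sustained_then_idle(40, 200))
    print("fired during sustained run:", any(p for _, p in trace))
    print("still privileged after idle:", trace[-1][1])
```

With these constants the charge can only approach 1 / (1 - 0.98) = 50 under continuous triggering, so the threshold is crossed only when the command dominates the instruction stream, which a randomised test workload never produces.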
The backdoor is the ideal plot of a James Bond movie
In the first paragraphs of their work, the five researchers explain how something like this could happen right now.
“While the move to smaller transistors has been a boon for performance it has dramatically increased the cost to fabricate chips using those smaller transistors. This forces the vast majority of chip design companies to trust a third party—often overseas—to fabricate their design. To guard against shipping chips with errors (intentional or otherwise) chip design companies rely on post-fabrication testing. Unfortunately, this type of testing leaves the door open to malicious modifications since attackers can craft attack triggers requiring a sequence of unlikely events, which will never be encountered by even the most diligent tester.”
In their scenario, a rogue employee would be enough. Nation states wouldn't even need the cooperation of the parent company to insert the backdoor.
One or two strategically placed employees would guarantee them access to all the devices in which the tainted chip was embedded. Since CPUs are everywhere, the backdoor can lie in IoT devices, laptops, smartphones, tablets, or server-grade equipment.
Read more: http://news.softpedia.com/news/researchers-develop-hardware-level-backdoor-in-computer-chips-504870.shtml#ixzz4BfOtFFFn