
'Demonically Clever' Backdoor Hides Inside Computer Chip - Digit-Al
https://www.wired.com/2016/06/demonically-clever-backdoor-hides-inside-computer-chip/
======
Yetanfou
I'm still waiting for someone - say Raytheon, General Dynamics, Northrop
Grumman or Boeing - to find that those SMD capacitors or inductors they used
for their hardware ended up being more than just simple passive components.
The amount of space available in the package is more than enough to hide some
circuitry which can be used for other purposes ranging from bridging air gaps
to denial of service. These parts are used in positions where ample power is
available for such purposes. The device could be triggered by outside signals,
by specifically crafted power profiles, by simple timers or other means. They
could be designed to detect the location where they're used in the circuitry
and act accordingly.

~~~
cptskippy
What you're proposing isn't really possible. Sure you could hide a
microcontroller in a capacitor or diode package but those components are
rudimentary with very simple functions. A diode is like a check valve in
plumbing, it allows electricity to flow in a single direction. Capacitors are
slightly more complicated but still a two pin component.

Imagine you're a pipefitting installed in something, based on the water
flowing through you would you be able to distinguish if you were in a house,
fire engine, office complex, or high-rise? Would you be able to ascertain what
function you served in the system?

~~~
evv
The parent comment referenced two use-cases for such nefarious components.
Both of which seem quite possible:

1\. Bridging an air gap. This would basically be a radio repeater that lets
you reach other compromised components. It just needs power, and could
certainly fit within one of these component packages.

2\. Denial of service. The component may be a simple diode, but if it stops
working, you could potentially disable a weapon, or maybe even cause it to
self-destruct.

That said, I'm sure that defense contractors are very careful about where they
source components. They likely have spies placed within their suppliers, and
perform regular audits and teardowns of components.

~~~
areynx
> That said, I'm sure that defense contractors are very careful about where
> they source components.

Not as careful as you might expect. "Fake" IC components were found in a
military 737 [1]. Trusted ICs are a hot topic and the big players in the
defense industry are working towards solutions. It's an interesting topic if
you have time to read their academic papers.

[1] [https://military.com/defensetech/2011/11/08/counterfeit-part...](https://military.com/defensetech/2011/11/08/counterfeit-parts-found-on-new-p-8-posiedons)

------
mattkevan
A friend of a friend designed chips in the 80s. One of his chips became a
high-end audio component if hooked up in the right way, unbeknownst to his
employer. Apparently he had a _very_ good home hifi system.

~~~
Scramblejams
Chip! Pinout! Deets!

~~~
bsder
IIRC, lots of things in the old days (1970's-ish? Popular Electronics, for
example) talked about using a 4009 or 4049 as an audio amplifier.

You put a feedback resistor in place from input to output to bias it and then
capacitively couple the input and output.

Metal-gate CMOS was particularly good for this as it had an operating voltage
from <3V to about 18V.

~~~
tripletao
CD4009 is a buffer. If you connect its input to its output, then you get a bit
of SRAM, not an amplifier.

CD4049 is an inverter. If you do the trick above then you indeed get an
amplifier, nonlinear and with poorly-controlled gain but an amplifier
nonetheless. This isn't some kind of Easter egg; an inverter is just a high-
gain amplifier that's usually allowed to saturate, so it fundamentally just
does that.

Such amplifiers are not very good, but they're fast-ish and cheap. They're
often used for crystal oscillators. The preferred logic series these days is
74HCU. That's "unbuffered" logic, where your inverter really is just one CMOS
inverter, and not a string of three like usual. That makes the gain more
stable, since the three inverters wouldn't match perfectly, and would each end
up biased somewhere different.

~~~
bsder
Huh? Is my memory faulty and I got it wrong?

I thought that the 4009/4049 were the hex inverters and that the 4010/4050
were the hex buffers.

~~~
tripletao
Oops; you're totally right. I read the datasheet title, and didn't read to the
subtitle. In any case, the trick is alive and well with 74HCU logic, good in
to the tens of MHz whenever exact gain and distortion don't matter.

[http://www.ti.com/lit/ds/symlink/cd4009ub-mil.pdf](http://www.ti.com/lit/ds/symlink/cd4009ub-mil.pdf)

~~~
bsder
> In any case, the trick is alive and well with 74HCU logic, good in to the
> tens of MHz whenever exact gain and distortion don't matter.

But you don't get the voltage tolerance with 74HCU (6V limit).

This was one of the interesting things about the old 4000 series because they
had metal gates and thick oxide--they tended to work from <1V (probably
not for analog, though ...) the whole way to 20V (convenient for 2 9V
batteries).

Old 4000 series were also notoriously vulnerable to static discharge, so I
suspect that they didn't have much in the way of ESD protection (if any at
all).

------
PhantomGremlin
This is quite clever, since the required addition to the "mask" (actually
multiple mask layers) to implement such a function would be quite simple.

During chip design, there are tools (DRC and LVS) that very carefully verify
that the mask has exactly what the designers intend it to have, not a single
transistor more or less. This abstract mask is called GDSII[1] (or perhaps a
successor such as OASIS, the principle is the same).

Once upon a time the layers of the GDSII could be used directly to build ICs.
But now chip design rules are too tricky, so the masks are tweaked post-
tapeout, in order to be able to get a decent yield of functioning chips.

Still, it is possible to take actual silicon and extract the circuitry from
it. This, while quite difficult to do, is routinely done by "reverse
engineering" companies.

If it's your own chip you already know exactly what to expect, you actually
specified every transistor there. So it would be much "easier" (ha ha) to
reverse engineer to verify that your actual chip has all the circuitry, no
more, no less, that you intended it to have. I wrote a little about this in an
HN discussion a few years ago.[2]

That's the theory. But in reality, does any company reverse engineer their own
chips to check? Highly unlikely. Which means they're implicitly trusting TSMC
(or whoever the fab is).

Not only that, what's to keep some bad actor at TSMC from inserting this
circuitry into your chips perhaps 6 months after initial production. Must you
repeatedly keep reverse engineering your own chips to make sure they're still
unmodified?

But, as I mentioned in my earlier post, there are many IP blocks in current
silicon that come from third-party suppliers. Does anyone fully understand the
operation of every transistor in every IP block they bought, or they inherited
from an earlier design? If I were to backdoor an IC, I'd use the third-party
IP method. It would be much easier to sneak something in that way.

[1] [https://en.wikipedia.org/wiki/GDSII](https://en.wikipedia.org/wiki/GDSII)
[2] [https://news.ycombinator.com/item?id=11880935#11891857](https://news.ycombinator.com/item?id=11880935#11891857)

~~~
weinzierl
A few years ago I attended a talk given by an engineer of one of the largest
American semiconductor companies. After the talk someone asked if they were
able to verify that the chips they get back from the fabs are made as
specified. The answer was that they couldn't but that the problem was
considered a serious concern and that their company invested resources into a
solution.

------
calebh
I interviewed at a company called Chip Scan which is a startup that aims to
detect backdoors in chip designs. I didn't end up accepting, but it did sound
like an interesting job.

------
monocasa
I've heard rumors of an even more insidious backdoor.

Screwing with the dopants slightly in order to bias the HRNG slightly one way.
Wouldn't show up even under a full visual inspection.

~~~
kwantam
Sounds like

Becker, Regazzoni, Paar, Burleson. "Stealthy dopant-level hardware trojans."
Proceedings of CHES, August 2013.

[https://sharps.org/wp-content/uploads/BECKER-CHES.pdf](https://sharps.org/wp-content/uploads/BECKER-CHES.pdf)

~~~
yborg
Never trust a chip you didn't fab yourself. This is seriously clever work.
Bribe the right people at TSMC, and all of Apple's chips have a built-in side
channel vector. Or any other fabless organization.

~~~
fredley
This might be a silly question, but even if you do fab it 'yourself', does
that solve the problem? It might make it harder, but people can still be
bribed, or have other pressures applied to them.

~~~
anfilt
Would you put a back door in your own chip? I am not sure how a bribe would
work if you're the target.

~~~
AnimalMuppet
I suspect that you're thinking of bribing an organization. You're correct,
it's hard to bribe an organization to act against its own interest. But
instead, think about bribing one or two individual workers within the
organization. That's much more doable.

------
Animats
Maybe I shouldn't have suggested this on HN in 2016.[1]

[1] [https://news.ycombinator.com/item?id=11768980](https://news.ycombinator.com/item?id=11768980)

~~~
godelmachine
Believe me, I slogged hard for 3 months to understand the paper in 2016, when
it was made public. I was excited to learn more about how controlling the
number of electrons can change JavaScript functionality. Had the opportunity
to learn everything from dopant level to the browser level.

Gave up when I reached page 10, coz other priorities took over me.

Had I known about this HN post, maybe I would have finished the entire paper.

------
xtiansimon
I feel the same way about this as I do about, say, NSA hacking. It will never
affect most computer users--until the day it does.

------
dfox
I think that this glosses over one quite important detail: while the "RC-
integrator out of digital logic" is quite small and inconspicuous, the logic
required to activate it would be significantly more complex and almost by
definition very suspicious.

------
matt_the_bass
This is not a new threat idea. DOD has been worrying about this for years.
Perhaps the implementation of the threat is new but not the idea of the
threat.

~~~
DoctorOetker
you may be remembering this very same single transistor back-door from 2 years
ago?

~~~
IAmLiterallyAB
Yep, the article linked is from 2016. I'm actually friends with one of the
authors, the similarity tipped me off

------
slededit
That trigger circuit looks pretty big. It would be very hard to find a spot
for it in an existing layout without moving things around. Moving things
around would invalidate their timing which would be noticeable to the chip
designers.

A fab would most likely not be able to do this unless it was an extremely
valuable target. But it would be pretty easy if the design team wanted it in
the first place.

------
mirimir
I work only in VMs. So I wonder if websites accessed in VMs could charge such
capacitors in CPU cores. By default, virtual CPUs aren't mapped to particular
cores. But then, I do tend to use hardware virtualization. Maybe it'd be more
secure to avoid that?

------
carapace
Everyone here knows about "Trusting Trust", right?

And that nanotechnology will be done with software that is effectively
compilers, right?

~~~
TeMPOraL
Also living things. I sometimes wonder just how much of the information that
determines an organism is stored not in DNA, but hidden in the "runtime" state
of the replication mechanism. After all, when a new cell is made, the parent
replication mechanism also builds the child's replication mechanism.

Related - Hofstadter's GEB, where he discusses the observation that
information is not stored on a storage medium - it's a function of the medium
and the mechanism reading that medium.

~~~
carapace
I once went to a hypno-therapist who did a _germ-line_ regression (as
contrasted with a "past-life" regression) where I was led back in time
through my familial lineage to talk to one of my ancestors. YMMV

> Epigenetics is the study of heritable changes in gene function that do not
> involve changes in the DNA sequence.

[https://en.wikipedia.org/wiki/Epigenetics](https://en.wikipedia.org/wiki/Epigenetics)

> After all, when a new cell is made, the parent replication mechanism also
> builds the child's replication mechanism.

The whole organism splits in two so the daughter cells' entire mechanism _is_
half of the parent cell's mechanism.

One of the thoughts that trips me out is that each Amoeba (for example) is
billions of years old.

------
yarrel
"...and here's why that's a great thing for your security!"

[https://www.wired.com/story/crypto-war-clear-encryption/](https://www.wired.com/story/crypto-war-clear-encryption/)

------
thathappened
Can't the weight be calculated to see if additional components were added
between mock-up and production output?

I know weight is how you double check other manufacturing

~~~
Tuna-Fish
There is no method of producing a small quantity of silicon chips for cheaper
than the mass production method, meaning there are no mock-ups -- there is
just a software simulation and then the products made at the foundry.

Also, adding a few additional transistors and paths doesn't really add
components to the chip in the way you think. They cause no meaningful
difference in weight.

------
analog31
I wonder, does open source software help at all here? I mean, if you don't
know what instructions will actually be executed, because the user's compiler
is deciding how the code will run, can these hardware back doors even work?

~~~
cptskippy
Maybe? The reality is that most OSS is run from downloaded binaries and not
precompiled. Even if it were, most people would be using the exact same
compiler.

From the description of the attack though, the function charging the capacitor
wouldn't have to be all that obscure.

The attack could cause a privilege escalation but if the running process that
accidentally triggered it isn't asking for escalated privileges then having
them won't cause harm.

The circuitry could have a discharge resistor across the capacitor causing it
to drain quickly. This would require the trigger to be executed and then
subsequent attack in a very short window of time.
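
The discharge-resistor point above, as an added example (not part of the thread or of the paper's circuit): a toy leaky-integrator model whose charge, leak and threshold values are constructed for illustration. It shows that only a dense burst of toggles reaches the threshold, which is also why ordinary functional testing is unlikely to trip such a trigger by accident.

```python
"""Toy model of a charge-accumulating trigger with a leak (added illustration).

All constants are constructed for this example; they are not measurements
from the paper discussed in the thread.
"""


def first_trigger_cycle(toggles, charge=0.05, leak=0.01, threshold=0.6):
    """Return the first cycle at which the trigger fires, or None.

    toggles   -- iterable of booleans, True when the monitored wire toggles
    charge    -- fraction of the remaining headroom added per toggle
    leak      -- fraction of the stored charge lost every cycle
    threshold -- normalised capacitor voltage at which the trigger fires
    """
    v = 0.0
    for cycle, toggled in enumerate(toggles):
        if toggled:
            v += (1.0 - v) * charge   # charge sharing on each toggle
        v *= 1.0 - leak               # the "discharge resistor"
        if v >= threshold:
            return cycle
    return None


def periodic(n_cycles, period):
    """Constructed input: the wire toggles once every `period` cycles."""
    return [i % period == 0 for i in range(n_cycles)]


def steady_state_peak(period, charge=0.05, leak=0.01):
    """Closed-form peak voltage for an endless periodic toggle train."""
    keep = (1.0 - charge) * (1.0 - leak) ** period
    return charge * (1.0 - leak) / (1.0 - keep)


def widest_firing_period(n_cycles=5000, max_period=50, **params):
    """Largest toggle spacing that still fires; None if nothing fires."""
    widest = None
    for period in range(1, max_period + 1):
        fired = first_trigger_cycle(periodic(n_cycles, period), **params)
        if fired is not None:
            widest = period
    return widest


if __name__ == "__main__":
    print("toggle every cycle  ->", first_trigger_cycle(periodic(1000, 1)))
    print("toggle every 10th   ->", first_trigger_cycle(periodic(100000, 10)))
    print("widest firing period:", widest_firing_period())
    print("same, 5x faster leak:", widest_firing_period(leak=0.05))
```
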

------
cheez
If each modification to the design is approved using a multi-key process (this
is practical, I've done this in financial trading environments), I don't see
how this would go through.

~~~
daveFNbuck
With a financial trading environment, it should be easy to tell whether the
approved plan is what got executed. How would you audit the chip manufacturer
to ensure that they're using the design you approved?

~~~
signa11
> How would you audit the chip manufacturer to ensure that they're using the
> design you approved?

would pki be of some help here ? where final tapeout is signed with your and
their keys as well for example.

~~~
na85
How do you know the chip as fabbed conforms to the final tape out?

~~~
signa11
umm, i am unaware if it is possible for manufacturing companies to make
changes like these to a design handed out. can you please explain how ?

~~~
pjc50
The design as presented to the fab is usually "GDSII" format, which is a huge
list of polygons on various layers.

Manufacturing companies usually _have to_ run this through preprocessing in
order to make the interference lithography work properly. In the end, they
produce a bunch of IC masks, and it's always possible to "manually" (with
expensive tools) cut another hole in the mask.

------
NPMaxwell
How much more expensive would it be to build chips in your own country? I
would think that early in the lifetime of a new CPU/GPU, the manufacturing
cost is a small portion of the cost.

~~~
Tuna-Fish
The cost of a top-of-the line fab has nearly doubled every generation, with
TSMC now estimating that a single 3nm fab costs ~$20B to build.

The manufacturing costs of a single CPU are small once you already have a
working fab, but the fabs are now the most expensive factories ever built.

~~~
cabalamat
> a single 3nm fab costs ~$20B to build

Then countries -- or groups of countries -- that can't or won't fork out $20bn
are going to effectively lose their independence.

~~~
WJW
It could be argued that true independence on a nation-state level has been
impossible for most countries ever since a small group of larger countries
started building nuclear weapons and ICBMs.

~~~
cryptonector
Nukes have nothing to do with the independence of nuke-free countries. It's
not like either any of the nuclear club countries can threaten, say, Chile,
with nuclear attack if they don't do whatever it is they want. Limited-scale
nuclear war would still be a disaster in many ways (political, ecological,
economic, cultural, risk of becoming a wider nuclear war, ...), so it can't
happen.

Small countries lose independence mainly by having to participate in the
larger trade and global economy: others, especially bigger countries, have
enormous leverage.

Pick a small country, any small country outside the nuclear club. It will be a
lot easier to force that country to do something it'd rather not using
economic threats, or at most the threat of conventional warfare, than
threatening nuclear attack.

~~~
coldtea
> _Nukes have nothing to do with the independence of nuke-free countries.
> It's not like either any of the nuclear club countries can threaten, say,
> Chile, with nuclear attack if they don't do whatever it is they want._

No, but it's the opposite. The countries not having nukes can be easily pushed
aside and be invaded (like Iraq, Libya, and so on) in ways countries with
nukes cannot.

~~~
cryptonector
Maybe. You need a big nuclear arsenal and credible delivery vehicles. A few
nukes is not enough, as NK is finding out -- a few nukes just makes you a
bigger target. A few ICBMs with a few nukes is not enough because we have
missile defense.

For nukes to buy you independence you need _lots_ of them, lots of
ICBMs/SLBMs, and if you don't have quite enough then you need some allies who
have many more. NK doesn't really have allies. Russia won't be defending them.
China likes to use NK as a bargaining chip, but they won't again go to war
over it.

~~~
mschuster91
> A few nukes is not enough, as NK is finding out

They are enough. With showing to the world "we can blow shit up if we want,
especially the very near South Korea", they have the leverage to do whatever
the f..k they want. If the US (or other Western countries) attempt to repeat
Iraq/Libya, they'll blow up Seoul. Basically, they liberated themselves from
any kind of pressure from the USA.

That, in turn, allowed NK to actually think about _meaningful_ peace talks
with South Korea. Of course, the US will still participate in the talks, but
with a lot less leverage over NK - so NK will not feel coerced by the US. (Of
course, SK will feel coerced a bit more, but at least in terms of nuclear
weapons they're still on the upper edge given the US-SK alliance)

At least, that's what I hope: that both countries find a way back together (or
at the very least, a durable peaceful coexistence), and that the NK civilian
population will no longer be suffering for their leadership.

~~~
cryptonector
The US has a ton of leverage, mainly over China. NK can destroy Seoul with
conventional bombardment (they have something like 7,000 artillery pieces that
will take longer to find and destroy than they will to go through most of
their shells). They don't have enough nukes to get past American missile
defense. If we don't emplace missile defense around Tokyo, then I suppose they
could nuke Tokyo, and that would suck, but then what? then KJU dies. And the
thing KJU most wants: to live and rule, but mostly to live.

~~~
coldtea
> _If we don't emplace missile defense around Tokyo, then I suppose they
> could nuke Tokyo, and that would suck, but then what? then KJU dies. And the
> thing KJU most wants: to live and rule, but mostly to live._

You'd be surprised what a leader wants or doesn't want, especially in a time of
national crisis. To "live" is more of a preoccupation for mere mortals.

------
greggarious
This sounds like it would be a very powerful targeted attack, but would it be
possible at scale?

Or would such a modification going into _all_ chips coming out of a factory be
noticed?

~~~
eloff
They edit the mask used to produce the chip, not the chip. It would affect all
chips produced.

~~~
greggarious
Thanks for the clarification!

------
samstave
Someone said that while working at western digital, there were hw backdoors in
the hdd controllers.

Such that they didn’t even need access to the OS to read all your data.

------
bitL
With SGX any script kiddie will be able to write undetectable malware once a
SPOF is found (I believe some Spectre-variant was in the news recently).

~~~
chatmasta
SGX = Software Guard Instructions [0]

SPOF = Single Point of Failure

[0] [https://software.intel.com/en-us/sgx](https://software.intel.com/en-us/sgx)

------
joewee
It should be noted this is from 2016.

------
gazarsgo
so like port knocking but at an electrical level, nice.

------
dredmorbius
NB: 2016

