
This ‘Demonically Clever’ Backdoor Hides in a Tiny Slice of a Computer Chip - arnaudbud
https://www.wired.com/2016/06/demonically-clever-backdoor-hides-inside-computer-chip/
======
andrewfromx
Every time a malicious program—say, a script on a website you visit—runs a
certain, obscure command, that capacitor cell “steals” a tiny amount of
electric charge and stores it in the cell’s wires without otherwise affecting
the chip’s functions. With every repetition of that command, the capacitor
gains a little more charge. Only after the “trigger” command is sent many
thousands of times does that charge hit a threshold where the cell switches on
a logical function in the processor to give a malicious program the full
operating system access it wasn’t intended to have. “It takes an attacker
doing these strange, infrequent events in high frequency for a duration of
time,” says Austin. “And then finally the system shifts into a privileged
state that lets the attacker do whatever they want.”

~~~
andrewfromx
That capacitor-based trigger design means it’s nearly impossible for anyone
testing the chip’s security to stumble on the long, obscure series of commands
to “open” the backdoor. And over time, the capacitor also leaks out its charge
again, closing the backdoor so that it’s even harder for any auditor to find
the vulnerability.

------
gumby
Clever.

