> Many [counterfeits] have been seized, but any that remain in use pose the risk of causing “components to melt, burst, rupture, catch fire or explode, resulting in property damage, personal injury and death,”
Edited to add:
You might think this is different, but controlling the supply chain limits these kinds of attacks.
One way to do it is to control the chain of custody so there's a paper trail on who had access to the parts and when. The other way the pentagon is doing it is putting "dielets" into the chips so they can be verified later.
In the end it all comes down to controlling the supply chain.
And yet people got all up in arms about that guy who got convictted for counterfeiting freely downloadable Windows restoration disks by outsourcing the job to some random shop in China and making them look like official disks.
If anything, he got off easy. The world does not need more factory-backdoored OS installations.
Imagine you're a pipefitting installed in something, based on the water flowing through you would you be able to distinguish if you were in a house, fire engine, office complex, or high-rise? Would you be able to ascertain what function you served in the system?
If water is used primarily between 9-5 in large quantities: office building
If water is used during breakfast and dinner: home
Fire engines also have very distinct water usage patterns and pressures.
I bet you could easily get to >90% accuracy quickly.
1. Bridging an air gap. This would basically be a radio repeater that lets you reach other compromised components. It just needs power, and could certainly fit within one of these component packages.
2. Denial of service. The component may be a simple diode, but if it stops working, you could potentially disable a weapon, or maybe even cause it to self-destruct.
That said, I'm sure that defense contractors are very careful about where they source components. They likely have spies placed within their suppliers, and perform regular audits and teardowns of components.
Not as careful as you might expect. "Fake" IC components were found in a military 737 . Trusted ICs are a hot topic and the big players in the defense industry are working towards solutions. It's an interesting topic if you have time to read their academic papers.
I thought that's why military hardware is so expensive. You're not just paying for a radio or whatever, you're paying for an entire hardened supply chain with everything sourced from trusted manufacturers. I guess maybe that's not the case any more...
Change physical size when charged/discharged, measure sound pressure via lasers on windows or microwaves sensing cavities in concrete walls.
The victim doesn’t even need to be specifically targeted if they use commodity components whose design is known. Just arrange for the company producing parts to select a specific recipe.
Perhaps information on power consumption by the CPU, which has been used to recover encryption keys in some attacks, but that's already being leaked in most cases. The most likely scenario as I see it would be parts that deliberately amplified unintentionally leaked information (like high-resolution power usage information) more than normal, but it seems to me that normal compliance testing would detect a lot of that.
I can imagine a bug or something being hidden in a large power supply capacitor, which can have volumes of several milliliters. Maybe capacitors with a hidden transmitter mislabeled as higher values to explain the extra size.
As far as the size goes, is there any tradeoff between size and price? If there’s a more expensive design that occupies less volume, an attacker could use that design, use the extra space for the bug, then sell the whole thing as if it were the cheaper version. You probably couldn’t do this for all of your capacitors, since it would cost a lot. Maybe 1% would be enough to have a good chance of getting a bug somewhere interesting.
You put a feedback resistor in place from input to output to bias it and then capacitively couple the input and output.
Metal-gate CMOS was particularly good for this as it had an operating voltage from <3V to about 18V.
CD4049 is an inverter. If you do the trick above then you indeed get an amplifier, nonlinear and with poorly-controlled gain but an amplifier nonetheless. This isn't some kind of Easter egg; an inverter is just a high-gain amplifier that's usually allowed to saturate, so it fundamentally just does that.
Such amplifiers are not very good, but they're fast-ish and cheap. They're often used for crystal oscillators. The preferred logic series these days is 74HCU. That's "unbuffered" logic, where your inverter really is just one CMOS inverter, and not a string of three like usual. That makes the gain more stable, since the three inverters wouldn't match perfectly, and would each end up biased somewhere different.
The CD4049 hex inverter chip is a popular amplifier chip in some guitar distortion pedals due to all the reasons you mentioned (non-linear and poorly controlled gain). There were a few designs based on connecting several of the inverter stages in series.
The wiring of the MOSFETs inside has superficial similarity to an AB class dual pentode push-pull tube power amplifier and has similar qualities in the sound it produces.
Here's one article on such a design:
I thought that the 4009/4049 were the hex inverters and that the 4010/4050 were the hex buffers.
But you don't get the voltage tolerance with 74HCU (6V limit).
This was one of the interesting things about the old 4000 series because they had metal gates and thick oxide--they tended to work from less <1V (probably not for analog, though ...) the whole way to 20V (convenient for 2 9V batteries).
Old 4000 series were also notoriously vulnerable to static discharge, so I suspect that they didn't have much in the way of ESD protection (if any at all).
During chip design, there are tools (DRC and LVS) that very carefully verify that the mask has exactly what the designers intend it to have, not a single transistor more or less. This abstract mask is called GDSII (or perhaps a successor such as OASIS, the principle is the same).
Once upon a time the layers of the GDSII could be used directly to build ICs. But now chip design rules are too tricky, so the masks are tweaked post-tapeout, in order to be able to get a decent yield of functioning chips.
Still, it is possible to take actual silicon and extract the circuitry from it. This, while quite difficult to do, is routinely done by "reverse engineering" companies.
If it's your own chip you already know exactly what to expect, you actually specified every transistor there. So it would be much "easier" (ha ha) to reverse engineer to verify that your actual chip has all the circuitry, no more, no less, that you intended it to have. I wrote a little about this in an HN discussion a few years ago.
That's the theory. But in reality, does any company reverse engineer their own chips to check? Highly unlikely. Which means they're implicitly trusting TSMC (or whoever the fab is).
Not only that, what's to keep some bad actor at TSMC from inserting this circuitry into your chips perhaps 6 months after initial production. Must you repeatedly keep reverse engineering your own chips to make sure they're still unmodified?
But, as I mentioned in my earlier post, there are many IP blocks in current silicon that come from third-party suppliers. Does anyone fully understand the operation of every transistor in every IP block they bought, or they inherited from an earlier design? If I were to backdoor an IC, I'd use the third-party IP method. It would be much easier to sneak something in that way.
I'm not a hardware designer, but I imagine that restricting a backdoor to a specific block might make it much harder to cause the rest of the hardware to behave in a specific way?
Screwing with the dopants slightly in order to bias the HRNG slightly one way. Wouldn't show up even under a full visual inspection.
Becker, Regazzoni, Paar, Burleson. "Stealthy dopant-level hardware trojans." Proceedings of CHES, August 2013.
As an aside, hardware RNGs are one of the only places you can put an undetectable backdoor in a design, since they can't be verified (since they're deliberately non-deterministic). If you do hash(stuff) ^ HRNG, then the CPU can make the result whatever it wants. If you do hash(stuff ^ HRNG) then it can't.
Gave up when I reached page 10, coz other priorities took over me.
Had I know about this HN post, maybe I would had finished the entire paper.
A fab would most likely not be able to do this unless it was an extremely valuable target. But it would be pretty easy if the design team wanted it in the first place.
And that nanotechnology will be done with software that is effectively compilers, right?
Related - Hofstadter's GEB, where he discusses the observation that information is not stored on a storage medium - it's a function of the medium and the mechanism reading that medium.
> Epigenetics is the study of heritable changes in gene function that do not involve changes in the DNA sequence.
> After all, when a new cell is made, the parent replication mechanism also builds the child's replication mechanism.
The whole organism splits in two so the daughter cells' entire mechanism is half of the parent cell's mechanism.
One of the thoughts that trips me out is that each Amoeba (for example) is billions of years old.
You have to have at least two independent compiler stack development processes occurring in separate light-cones. If one happens far enough within the cone of the other you cannot trust it.
(Not actually speed-of-light-cone of course. You have the lead-time required to develop general "nanites" and then their travel time to reach the opposite side of the Earth (assuming no one is working on this off-planet. The first thing a paranoid nanotech-haver would does is detect and suborn all other nanotech labs. I call this the "Matter-Lock".)
I don't have enough backing physics to be confident on the possibility of a "matter lock". How do you detect without being detected a nanomachine that was designed vs one of the nanomachines that already exist in living organisms? Can you also expand on the goal of subsuming all the nanotech of other labs? If things obviously start breaking, that's especially going away from the "trusted trust" scenario which implies things like trojans used to passively sniff secrets and gain advantage through information when an opportunity to export the information arises. I would expect physics might allow some workarounds for that, on top of methods of outright detection like conservation laws, spectrometry...
I've finished the first of three in a sci-fi book series that has introduced the problem of what to do with an adversary that subsumes basic physics research to halt general advances, perhaps there's an entertaining hard sci-fi book you'd recommend for the "matter lock" idea? Or arxiv papers if you have any.
On the scale of hypothetical nanites the world is really really huge, so the first hurdle is figuring out how to integrate the incoming information and control the machines.
> How do you detect without being detected a nanomachine that was designed vs one of the nanomachines that already exist in living organisms?
If there are already other machines to detect then you're too late and the scenario is "toner war" as per "Diamond Age" (probably the best nanotech sci-fi novel; or maybe "Blood Music" by Greg Bear.)
If you do get there first (and you've correctly identified this as a huge existential challenge: how can you know that you're not being fed false information by the person who got there before you? You can't. If "matter lock" is possible there's no way to know if you're really first, except to try some shit and see if anyone notices and can stop you) then you have the relatively easy task of locating the other nanotech labs in the world and infecting them with your malware.
> Can you also expand on the goal of subsuming all the nanotech of other labs?
Well, if you're reading "The Three Body Problem" then that's one way. Eventually some people would start to get wise. But nanotech: you detect them and alter their brains to forget. There's always another way to contain the information if you get there early enough.
It would be easy to infect the other labs because you would be infecting every lab everywhere already.
And of course, you can always just declare yourself. Wear a purple silk cape and call yourself the Robot King. Who's going to stop you?
Anyhow, if you wanted to keep your "matter lock" a secret you would have to minimize your interventions, restrict yourself to subtle sabotage, and program every instrument to ignore the fact that every computer and robot in the entire world had a massive Trojan in it. More than that, to actively lie about it and alert you if anyone starts doing weird experiments.
Even then I suspect things would come to a head somehow and... and then I don't know what would happen.
> perhaps there's an entertaining hard sci-fi book you'd recommend for the "matter lock" idea?
Nah. There is one novel about a megalomaniacal mad scientist who achieves "matter lock" and immediately begins editing the world as he pleases. It's grotesque. FWIW it's called "The Goliath Stone" by Matthew Joseph Harrington with some sort of involvement of Larry Niven (who is otherwise one of my favorite authors, but this book is a stinker.) Just one example: the mad scientist is violently opposed to rape (okay) but he makes womens' breasts larger without asking them.
I do recommend these if you haven't read them already:
> Or arxiv papers if you have any.
No. People working on this do not publish. ;-)
I think your best metaphor is either cracking root access to the Matrix or simply becoming God. Very far removed from the "trusting trust" scenario. But also removed from physical systems. Using that sort of metaphor instead of "matter lock" will insulate any criticisms from hard science. It also reduces the existential concerns to the same level as the question of "what if we're living in a simulation?"
People do publish technical details on both MNT and non-MNT... To use an older reference I would bet that if you ran your idea by someone who has read Drexler's Nanosystems they could point something out at some layer that forbids your idea in principle at least insofar as current understanding of physics, chemistry, and biology go. If we (or some other species) can create machines that can move along a spatial dimension outside our normal 4D space-time but project itself back inside at will, sure, that's one way we're screwed, but that AFAIK has no real basis yet, it's the same concern as if we (or some other species) can root the Matrix...
Well (SPOILER ALERT!!!) the whole point of Diamond Age was that nanotech could play out in one of two ways: metered by a central authority to extract rents vs. imitating natural self-replicating systems. The deeper issue being control vs. wilderness.
That's really a psychological issue, and one we are already facing today: witness how the idea of building self-replicating 3D printers ("RepRap") to alter economic conditions became subsumed by companies trying to sell 3D printers to consumers. Most printers cost between $300 to $3000, when I should be able to go down to Noisebridge and print my own for $10.50. People have to make a living; Noisebridge is soliciting donations because their lease is up and they have to move. Can I really fault the folks trying to make a living selling printers?
Bucky Fuller pointed out that we would have the technology to take care of ourselves by sometime in the 1970's, no nanotech required, if we would just apply our resources and existing technology to our problems in an efficient manner.
> the book I mentioned was indeed 3BP but since I haven't finished the other two books my final thoughts have to wait. (Only thing I didn't like so far was the sudden FTL comms at the end...)
I've only read the first two, has the third been released in paperback yet? As for the FTL comms, I think it's really hard to make a hard-sci-fi story that's realistic and emotionally engaging over lots of light-years.
> I think your best metaphor is either cracking root access to the Matrix or simply becoming God. Very far removed from the "trusting trust" scenario. But also removed from physical systems. Using that sort of metaphor instead of "matter lock" will insulate any criticisms from hard science. It also reduces the existential concerns to the same level as the question of "what if we're living in a simulation?"
I don't think there's any hard science consideration preventing the development the machinery for "matter lock" (I'm getting tired of my own jargon at this point, lol.) At the most general level of analysis you have a decay rate and a regeneration rate and as long as the latter is sufficiently greater than the former you're golden. Keep in mind, you would control all atomic energy on the planet in this scenario.
I think it's physically, mechanically possible to suffuse the planetary envelope (the bubble-shaped space between the hard vacuum and the magma) with a communicating network of machines that could sense and affect conditions globally. (After all, life did it.)
The problem I foresee is command and control: could you coordinate it? How does one person (or group) receive, process, and transmit information to and from this system? Here we are pressed up against the so-called Hard Problem of Consciousness, which of course is directly related existential question you mention! That's the weird thing about self-reflexive consciousness: it's still a problem whether your system is "hard science" or "metaphorical" or "I'm dreaming" or whatever.
> People do publish technical details on both MNT and non-MNT...
I didn't mean that they don't, I meant that the (theoretical) people researching how to use nanotech to become Robot King don't publish.
Attaining the "ML" would be akin to becoming a local god, but how would you have to transform yourself to manage it? I believe that is the barrier, if any.
In any event, after reading "A Planet of Viruses" by Carl Zimmer  I'm pretty sure that they already have things locked down. It's a non-fiction pop-sci covering recent discoveries in biology of viruses, only 109 pages and nearly every one mind-blowing.
Read that, then "Blood Music", then Gregory Bateson's "Mind and Nature: A Necessary Unity (Advances in Systems Theory, Complexity, and the Human Sciences)" I think the Matrix is rooted... ;-)
I know weight is how you double check other manufacturing
Also, adding a few additional transistors and paths doesn't really add components to the chip in the way you think. They cause no meaningful difference in weight.
From the description of the attack though, the function charging the capacitor wouldn't have to be all that obscure.
The attack could cause a privilege escalation but if the running process that accidentally triggered it isn't asking for escalated privileges then having them won't cause harm.
The circuitry could have a discharge resistor across the capacitor causing it to drain quickly. This would require the trigger to be executed and then subsequent attack in a very short window of time.
would pki be of some help here ? where final tapeout is signed with your and their keys as well for example.
Manufacturing companies usually have to run this through preprocessing in order to make the interference lithography work properly. In the end, they produce a bunch of IC masks, and it's always possible to ""manually"" (with expensive tools) cut another hole in the mask.
The manufacturing costs of a single CPU are small once you already have a working fab, but the fabs are now the most expensive factories ever built.
Then counties -- or groups of countries -- that can't or won't fork out $20bn are going to effectively lose their independence.
Small countries lose independence mainly by having to participate in the larger trade and global economy: others, especially bigger countries, have enormous leverage.
Pick a small country, any small country outside the nuclear club. It will be a lot easier to force that country to do something it'd rather not using economic threats, or at most the threat of conventional warfare, than threatening nuclear attack.
No, but it's the opposite. The countries not having nukes can be easily pushed aside and be invaded (like Iraq, Libya, and so on) in ways countries with nukes cannot.
For nukes to buy you independence you need lots of them, lots of ICBMs/SLBMs, and if you don't have quite enough then you need some allies who have many more. NK doesn't really have allies. Russia won't be defending them. China likes to use NK as a bargaining chip, but they won't again go to war over it.
They are enough. With showing to the world "we can blow shit up if we want, especially the very near South Korea", they have the leverage to do whatever the f..k they want. If the US (or other Western countries) attempt to repeat Iraq/Libya, they'll blow up Seoul. Basically, they liberated themselves from any kind of pressure from the USA.
That, in turn, allowed NK to actually think about meaningful peace talks with South Korea. Of course, the US will still participate in the talks, but with a lot less leverage over NK - so NK will not feel coerced by the US. (Of course, SK will feel coerced a bit more, but at least in terms of nuclear weapons they're still on the upper edge given the US-SK alliance)
At least, that's what I hope: that both countries find a way back together (or at the very least, a durable peaceful coexistence), and that the NK civilian population will no longer be suffering for their leadership.
You'd be surprised what a leader want or doesn't want, especially in a time of national crisis. To "live" is more of a preoccupation for mere mortals.
Not if you cave in your main research lab and kill most of your skilled workers, as they reportedly did.
If you don't do anything stupid like that, then even one nuke is enough, assuming your adversary doesn't know where it is.
They work by the possibility of being delivered, whether those that send them will then be toast or not.
But still, you'll persist, so let's think it through.
Let's say that NK has 3 nukes. Let's say the U.S. has 1,000. Let's say all 1,003 nukes have the same yield, let's say 400K tons of TNT. And let's say both countries have ICBMs and can deliver all their nukes anywhere in the world in ~30 minutes.
Now let's say that NK strikes first and its warheads somehow get past U.S. missile defenses (maybe three nukes is what they have after missile defense). That's about 1% of the U.S. population dead. (Aside: the U.S. thenceforth will never again allow a tinpot dictator to get nukes -- from that point forwards the U.S. will undoubtedly first-strike any country trying it, and Russia and China will just have to deal with it.) Now the U.S. responds and uses only a few nukes to wipe out Pyongyang, Yongbyong, and related sites -- no missile defense there.
You might say this is an ecological disaster, but it's a blip in comparison to all the past atmospheric testing, so we'll survive.
Total tally: similar numbers of dead on both sides, about 1% of Americans, and about 12% of North Koreans.
Also affected: China's trade. You know what happens to that: total blockade by the U.S. Navy, as well as a prohibition on all Allies (big and small) trading with China, as well as canceling all American debt to China. You think a POTUS wouldn't do this if he/she had 3 million dead Americans to think about? No. Any POTUS who didn't do this would get deposed soon and the successor would impose this.
Do NK's nukes work as a deterrent? Maybe, but I think not. The U.S. has a larger nuclear deterrent vs. NK, and larger economic deterrent vs. China. KJU can die and not make that big a dent in the U.S., while the U.S. can wipe out KJU's ruling party and then some, and then too cause the deepest Depression in China, along with all the civil strife you might expect, and probably regime change in time.
It is absolutely in the interests of any POTUS to a) convey all of this to China (though that's not entirely necessary; Xi can count chips too), b) appear mad enough to ignore NK's deterrent. DJT can appear MADder than KJU. You don't have to buy it -- only Xi and KJU do, and I think recent events say they got the message.
In order to have a viable nuclear deterrent NK really needs enough return-strike nukes to get tens of them past U.S. missile defense. That's a lot of nukes, and there's not a lot of room in NK to put them without the U.S. being able to obliterate them in a first strike. So what NK really needs is that many nukes deliverable via SLBMs, and that's decidedly beyond their reach.
Yes, it's entirely possible (likely even) that KJU is aiming to pull a bait-n-switch at the coming summit with DJT. It's even entirely possible (but unlikely) that DJT will take a lesser deal out of desperation to save face. But I don't buy the latter, and I think in the end KJU will cave and give us what we want: unilateral nuclear disarmament.
High end chip manufacturing has been consolidating since it started, and this is the reason. There will be a time when only one company in the world can afford to have the very best fab, against which the others can then no longer compete.
So a big part of that cost is the r&d needed to keep current.
In any given generation, one fab will have the best tech, and another the second best, and all the other fabs have compete on price at a tiny margin or just sit that generation out and make cheap chips with thier existing machines while hoping to catch the next wave.
That means it's an industry got the deep pockets. You need to be able to take a huge loss and keep investing to stay in the game.
So it's basically Intel, and sovereign wealth funds teamed up with interventionist states like Singapore and Taiwan
The US and other western countries had and lost this industry because of free market idealism.
Or would such a modification going into all chips coming out of a factory be noticed?
Such that they didn’t even need access to the OS to read all your data.
SPOF = Single Point of Failure