Hacker News new | past | comments | ask | show | jobs | submit login

Random baseless speculation: intel and Qualcomm refused to add back doors as demanded by US government, probably because the companies believed they couldn’t stop China from finding out that they did. US gov said fine, no more sales. You can sell again when you add back doors.



This is actually highly credible and should not be downvoted.

Ptychographic X-ray laminography has come a long way and can image even the latest chips at the transistor level:

https://spectrum.ieee.org/xray-tech-lays-chip-secrets-bare

True, it requires a synchrotron (one of the few things that actually costs more than a chip fab), but China has those:

https://en.wikipedia.org/wiki/Shanghai_Synchrotron_Radiation...

China might not be able to make bleeding-edge 2nm chips, but it has the equipment needed to expose any backdoors in them. Publicly, worldwide, with proof. That is an existential threat to any hardware manufacturer -- getting caught doing that is a bankruptcy-level event. Until recently they didn't have to be afraid of getting caught.

Being able to image chips at the gate level or better is a critical lever in fixing the balance of power between hardware manufacturers and their customers. It's why Bunnie Huang's work on IRIS is so important:

https://news.ycombinator.com/item?id=39657936


My speculation was a lot more simple: China can blackmail or bribe internal employees to disclose the back door. Significantly less expensive and easier


The backdoors (more often, bugdoors) are known only to a very, very small number of people at each company. People with security clearances.

Things like the Intel ME are what make this arrangement work. The fact that the ME exists is public knowledge; there is a huge team of engineers at Intel who are responsible for designing it. The flaw that lets you tickle it in just the right way can be added by and known to only one or two people.

Just this year a spectacular example of one of these bugdoors was revealed in Apple's mobile chips, where an EL1 (kernel) attacker could tickle an undocumented L2 cache debugging mechanism to elevate to hypervisor/bootloader (EL2, EL3) level, and completely bypass Pointer Authentication:

https://media.ccc.de/v/37c3-11859-operation_triangulation_wh...

This hardware bugdoor (CVE-2023-38606) was discovered only because it was used against security researchers who were good enough to capture a trace of exactly what it was doing. Otherwise we would never know. We got very lucky here; there's no telling how many more of these things go undiscovered.


>intel and Qualcomm refused to add back doors as demanded by US government,

Intel ME ? Qualcomm blobs ?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: