14 DAY TRIAL // Five researchers from the University of Michigan have published a research paper in which they provide the technical concept of a hidden backdoor introduced not in software, but at the hardware level, where it is difficult to detect.
The scientists describe their backdoor as a rogue component hidden in the chip's thousands of similar components. Most of these are transistors and work as on/off switches, "on" being a binary 1, and "off" being a binary 0, the basic code for all digital devices.
Instead of turning on or off like a transistor, the rogue component would work as a capacitor, storing energy with every new command it receives.
Backdoor activates only when running malicious code and then turns off
The researchers say that malicious code can be targeted at that area of the chip. The code can be hidden inside a JavaScript file on a website you visit, inside a ping your computer receives via the Internet, inside a malicious piece of software you installed yourself, or even malware that secretly infects your PC.
This malicious code starts the capacitor's loading process, and after a certain threshold is reached, it can direct the system into switching into a privileged execution mode.
Attackers can the run code on your device, PC, tablet, or smartphone, with system-level privileges. When the attacker stops the malicious code, the capacitor loses all charge, and the backdoor automatically closes itself.
The backdoor is the ideal plot of a James Bond movie
In the first paragraphs of their work, the five researchers explain how something like this could happen right now.
“ While the move to smaller transistors has been a boon for performance it has dramatically increased the cost to fabricate chips using those smaller transistors. This forces the vast majority of chip design companies to trust a third party—often overseas—to fabricate their design. To guard against shipping chips with errors (intentional or otherwise) chip design companies rely on post-fabrication testing. Unfortunately, this type of testing leaves the door open to malicious modifications since attackers can craft attack triggers requiring a sequence of unlikely events, which will never be encountered by even the most diligent tester. ”
In their scenario, a rogue employee would be enough. Nation states wouldn't even need the cooperation of the parent company to insert the backdoor.One or two strategically placed employees would guarantee them access to all the devices where the tainted chip was embedded in. Since CPUs are everywhere, the backdoor can lie in IoT devices, laptops, smartphones, tablets, or server-grade equipment.
Old techniques like visual inspection or current and temperature tracking won't have a chance of detecting such flaws. Researchers also say that, to prevent such scenarios, companies would need to invest in developing new testing technologies, which they list and describe in their paper.
The full A2: Analog Malicious Hardware research paper is available below:
