Five researchers from the University of Michigan have published a research paper in which they provide the technical concept of a hidden backdoor introduced not in software, but at the hardware level, where it is difficult to detect.
The scientists describe their backdoor as a rogue component hidden in the chip’s thousands of similar components. Most of these work as on/off switches, “on” being a binary 1 and “off” being a binary 0, the basic code for all digital devices.
The rogue component, instead of turning on or off, like a transistor, would work as a capacitor, a wolf in sheep’s clothing. The capacitor would store energy with every new command it receives.
Backdoor activates only when running malicious code, and then turns off
This malicious code starts the capacitor’s loading process, and after a certain threshold is reached, can direct the system into switching into a privileged execution mode.
Attackers can the run code on your device, PC, tablet, or smartphone, with system-level privileges. When the attacker stops the malicious code, the capacitor loses all charge, and the backdoor automatically closes itself.
The backdoor is the ideal plot of a James Bond movie
In the first paragraphs of their work, the five researchers explain how something like this could happen right now.
“ While the move to smaller transistors has been a boon for performance it has dramatically increased the cost to fabricate chips using those smaller transistors. This forces the vast majority of chip design companies to trust a third party—often overseas—to fabricate their design. To guard against shipping chips with errors (intentional or otherwise) chip design companies rely on post-fabrication testing. Unfortunately, this type of testing leaves the door open to malicious modifications since attackers can craft attack triggers requiring a sequence of unlikely events, which will never be encountered by even the most diligent tester. ”
In their scenario, a rogue employee would be enough. Nation states wouldn’t even need the cooperation of the parent company to insert the backdoor.
One or two strategically placed employees would guarantee them access to all the devices where the tainted chip was embedded in. Since CPUs are everywhere, the backdoor can lie in IoT devices, laptops, smartphones, tablets, or server-grade equipment.
Old techniques like visual inspection or current and temperature tracking won’t have a chance of detecting such flaws. Researchers also say that to prevent such scenarios, companies would need to invest in developing new testing technologies, which they list and describe in their paper.
The full A2: Analog Malicious Hardware research paper is available below: