I remember being back in college writing little trojans for windows and linux. Hardware trojans troubled one of my lecturers. He had been paranoid, for a great number of years, about the complexity of computer chips and during one such comversation about microcode — one of the biggest evils he could imagine — he asked his colleague “the number of years that have passed since a single person understood the complexity of a microchip”. The non-challant reply was “plenty”.
Well I wonder how he would feel after a paper was released this month showing that you can change the logic gates of a microprocessor by changing the doping of transistors. Such changes, the trojan, would not be visible (functionaly or optically) and the underlying circuitry would be unaffected. As Brucie suggests one of the best things to do with this is attack the random number generator (RNG) by lowering the entropy of random numbers. Random numbers underpin modern cryptography and should they become predictable then all security is lost.
Oh so what about that stuff with micro-code? Tbh I don’t know, the more I learned the more dangerous it seemed. Here is an excerpt from another article:
But Intel’s biggest security feature may lie in keeping the technical
details behind its BIOS Update technology a closely guarded secret. “There is
no documentation,” said Frank Binns, an architect in Intel’s
microprocessor group. “It’s not as if you can get an Intel ‘Red Book’
with this stuff written down. It’s actually in the heads of less than 10
people in the whole of Intel.
Interesting, this thing [levels of encryption within the processor that prevents malicious encrypted microcode updates] is known by a few people at Intel and bunch of people over at the NSA, a fair assumption given current revelations — I wish they’d tell me where I left my coke!