https://lwn.net/Articles/688751/
"Worth a read: this paper [PDF][1][2] from Kaiyuan Yang et al. on how an analog back door can be placed into a hardware platform like a CPU. "In this paper, we show how a fabrication-time attacker can leverage analog circuits to create a hardware attack that is small (i.e., requires as little as one gate) and stealthy (i.e., requires an unlikely trigger sequence before effecting [sic] a chip's functionality). In the open spaces of an already placed and routed design, we construct a circuit that uses capacitors to siphon charge from nearby wires as they transition between digital values. When the capacitors fully charge, they deploy an attack that forces a victim flip-flop to a desired value. We weaponize this attack into a remotely-controllable privilege escalation by attaching the capacitor to a wire controllable and by selecting a victim flip-flop that holds the privilege bit for our processor.""
[1] Link to PDF in article: http://static1.1.sqspcdn.com/static/f/543048/26931843/1464016046717/A2_SP_2016.pdf
[2] Read PDF online as images: (Large print) https://archive.is/n43DY
[3] Read PDF online as images: (Small print) https://archive.is/7vbNp
(Score: 0, Offtopic) by Anonymous Coward on Saturday May 28 2016, @09:10PM
DNA is digital information storage that mitigates attacks by employing massive amounts of redundancy. Life is far more robust than any of your dinky little artificial hardware platforms.
(Score: 3, Interesting) by MichaelDavidCrawford on Sunday May 29 2016, @04:26AM
The shuttle had IIRC five computers. Four of them would vote on every decision. In the event of a tie, the fifth computer would take control. Its software was developed independently of the other four.
Yes I Have No Bananas. [gofundme.com]
(Score: 0) by Anonymous Coward on Sunday May 29 2016, @05:21AM
I'd like a "what is cancer" for 400, Alex.
(Score: 4, Informative) by MichaelDavidCrawford on Saturday May 28 2016, @09:49PM
It would be very, very difficult for a VLSI company to prove there is no malicious circuitry in one of its chips. They're doing pretty good if they can prove that it does everything it's intended to do.
Desktop and server hardware is not so bad but embedded chips often have lots of errata.
(Score: 2) by RamiK on Saturday May 28 2016, @10:26PM
Can't an open design firm just tell the clients to sample 1:1000 in an acid bath and compare the circuitry with the source code output? That will move the verification process to the actual source code and tool chain at least... No?
compiling...
(Score: 2) by MichaelDavidCrawford on Saturday May 28 2016, @11:01PM
yeah if it's simple enough. But look how often even Open Source software has unintended exploits. What if a committer was actively malicious? It would not be too hard to hide an exploit in an edge case.
(Score: 1) by anubi on Sunday May 29 2016, @10:04AM
I have had analog and transmission-line phenomena come back to bite me in the ass more times than I can remember.
No malicious intent whatsoever.
Just plain oversight.
However, once my oversight showed up, what I made may just as well be called junk no matter what the simulator said it was.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2, Informative) by Anonymous Coward on Saturday May 28 2016, @11:58PM
Partially, but see here:
http://sharps.org/wp-content/uploads/BECKER-CHES.pdf [sharps.org]
Even if transistors match 100% under the microscope, some
of them may have their P and N doped bits switched, and
operate differently than expected under the "right" circumstances.
Only physical control of the fab, on top of a trustworthy
(read auditable, i.e. open) design toolchain will even begin
to guarantee that the chips you make will really work for
you (as opposed to against you).
(Score: 2) by butthurt on Sunday May 29 2016, @12:20AM
The NSA bought a fab in Texas, although they may be using it for other purposes:
http://www.chron.com/news/houston-texas/houston/article/NSA-plant-in-San-Antonio-shrouded-in-secrecy-4604109.php [chron.com]
(Score: 2) by MichaelDavidCrawford on Sunday May 29 2016, @04:30AM
the chip itself is classified, but its simple existence is on a list of AES implementations somewhere out on The Tubes.
Suppose that chip foundry made nothing but AES brute-force decryptors for a year or so. How many keys could that many chips try in a year?
(Score: 2) by MichaelDavidCrawford on Sunday May 29 2016, @04:34AM
EDA software is quite complex. It would not be hard at all to put malicious code in it that would be quite difficult to find even in an audit.
How do you know that OpenOffice isn't phoning home? It's Open Source - have you audited it yourself? Has anyone?
(Score: 0) by Anonymous Coward on Sunday May 29 2016, @06:31AM
Hard but not impossible. That's what matters and makes all the difference in the world.
ps. LibreOffice is where all the action is these days.
(Score: 2) by RamiK on Sunday May 29 2016, @10:31AM
I tend to agree with Crawford on this one. Some code can't be audited in practice due to sheer size and complexity. We saw this with OpenSSH where the first thing done when the issues surfaced was to dump huge chunks of ancient code away and do away with much of the optimizations.
(Score: 2) by takyon on Saturday May 28 2016, @09:54PM
Or am I going to have to edit that headline?
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by butthurt on Saturday May 28 2016, @10:13PM
The original submission said "hardware."
(Score: 2) by JNCF on Saturday May 28 2016, @11:11PM
I assumed it to be a portmanteau of "malware" and "hardware," and I liked it.
(Score: 1, Informative) by Anonymous Coward on Sunday May 29 2016, @01:47AM
Or the French word "marde" (meaning 'shit') and hardware. :)
(Score: 2) by martyb on Sunday May 29 2016, @04:01AM
Since "malware" already means malevolent software, what else would you call malevolent hardware... "malardware" ? -- That sounds like something you get from a duck! =)
Wit is intellect, dancing.
(Score: 2) by JNCF on Sunday May 29 2016, @07:18AM
Malardware. [gamesniped.com]
(Score: 2) by martyb on Sunday May 29 2016, @04:07AM
Wit is intellect, dancing.
(Score: 2) by Rich on Sunday May 29 2016, @01:05AM
So, will the truly paranoid now start cooking their own CPUs? We've recently seen the discrete 6502, a while ago Jeri Ellsworth cooked her own transistors. So who's going to put all this together? A Mac Plus class 68000 would already be more or less able (and at the expense of colour or grayscale) to deal with a good amount of stuff (text, spreadsheets, diagrams) to be kept private.
(Score: 2) by bitstream on Sunday May 29 2016, @02:08AM
A MC68000 in discrete form will have a size of circa 150 x 150 cm (5x5 ft) and cost circa 19 373 - 154 986 US$ with a clock speed in the range of circa 10-100 kHz. So it's doable but not very practical.
(Score: 1) by anubi on Sunday May 29 2016, @09:24AM
That is precisely why I am building and trying to sell the Arduino concept.
I still remember when Jobs and Wozniak took on the "big iron" with a 6502. Look what came of that.
The problem I am trying to address is identical. Things have grown so damned complex that it takes a helluva lotta work to get a simple thing done.
Sometimes all you want to do is control some simple assembly robot.
(Score: 2) by zeigerpuppy on Sunday May 29 2016, @03:13PM
If you want to replicate a 68000, at least run AmigaOS on it!