The Australian Financial Review ran a speculative yet hugely compelling story a couple of days ago, claiming that a couple of leading Silicon Valley experts believe the NSA (US’ National Security Agency) may have a hardware-level backdoor engineered into the products sold by two of the biggest semiconductor manufacturers around, AMD and Intel.
According to the AFR, Steve Blank, a highly-respected Silicon Valley expert, says he would “surprised” if the NSA has not embedded “back doors” into chips made and sold by AMD and Intel. Such back doors could give the NSA “the possibility to access and control machines,” says the AFR article.
This comes off the heels of another AFR story stating that Lenovo-manufactured computers have been banned from “secret” and “top secret” networks of the intelligence and defense services of various countries, including Australia, the USA, Great Britain, Canada, and New Zealand because of concerns that they could be easily hacked. Lenovo is a Chinese company.
Another boffin, Jonathan Brossard, supports Blank’s speculative opinion. He reportedly has independently concluded that CPU back doors are “attractive attack vectors.” Brossard is an internationally renowned security research engineer, per the AFR.
For its part, Intel says there is “no basis for these highly speculative claims.”
The AFR has gone into some impressive depth and detail in describing the mechanism behind exploiting these theoretical CPU back doors present in virtually all of the world’s PCs.
Basically, because a processor’s microcode can be modified through official channels – either through Microsoft as a security update, or by a manufacturer-issued patch – it’s fairly easy to gain access to any machine running either an AMD or Intel CPU. As the AFR notes, the NSA has been “exceptionally thorough nailing down every conceivable way to tap into communications.” Quite curiously, AMD and Intel are two of the most notable absences on the list of high-profile tech firms fingered in the highly-publicized PRISM leaks a couple of months ago.
Brossard says, quite chillingly, “If you want to own the entire internet, this is how you do it because most people run Wintel.”