A team of researchers from the US and Europe has demonstrated a "hardware trojan" attack on Intel's Ivy Bridge processor. This paper (PDF) describes the exploit, which changes the dopant polarity of individual transistors to weaken the chip's random number generator. The researchers were able to reduce the random number generator's entropy from 128 to 32 bits, making cryptographic keys much more predictable. They claim the exploit is stealthy enough to pass not only the CPU's built-in self-test, but also the National Institute of Standards and Technology's tests for random number generators.
Inserting the trojan involved altering the dopant masks of "only a few" transistors. Ivy Bridge has about 1.4 billion transistors, making the small change difficult to detect. According to the researchers, the "sub-transistor" trojan can't be exposed by optical reverse engineering because the chip's circuitry remains the same.
Ars Technica has a good summary of the paper, including some commentary from one of its authors. That researcher points out that hardware trojans haven't been found in the wild. However, the proof-of-concept attack illustrates that existing chips are vulnerable to hardware exploits that may be impossible to detect.
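Why a generator with only 32 bits of entropy can still pass statistical randomness tests, as an added example that is not from the paper or this article: it models only the effect described above (most of a 128-bit state held constant, then whitened) and not the dopant-level circuit. The SHA-256 whitening step, the `FIXED_STATE` constant and all function names are assumptions made for illustration.

```python
import hashlib
import math

# Constructed constant standing in for the state bits pinned to fixed values.
FIXED_STATE = bytes.fromhex("00112233445566778899aabb")  # 96 fixed bits


def stream(seed: int, unknown_bits: int = 32, nbytes: int = 16) -> bytes:
    """Toy generator: 128-bit state where only `unknown_bits` vary, then whitened."""
    if not 0 <= seed < (1 << unknown_bits):
        raise ValueError("seed outside the unknown-bit space")
    state = FIXED_STATE + seed.to_bytes(4, "big")
    out, counter = b"", 0
    while len(out) < nbytes:
        # Whitening (SHA-256 here, an assumption) hides the fixed bits from tests.
        out += hashlib.sha256(state + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:nbytes]


def monobit_p_value(data: bytes) -> float:
    """Frequency (monobit) test from NIST SP 800-22; p >= 0.01 counts as a pass."""
    n = 8 * len(data)
    ones = bin(int.from_bytes(data, "big")).count("1")
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def monobit_pass_rate(seeds, nbytes: int = 2500, alpha: float = 0.01) -> float:
    """Fraction of weakened streams that the statistical test accepts."""
    seeds = list(seeds)
    passed = sum(monobit_p_value(stream(s, 32, nbytes)) >= alpha for s in seeds)
    return passed / len(seeds)


def distinct_outputs(unknown_bits: int) -> int:
    """Count every 128-bit output the generator can ever produce."""
    return len({stream(s, unknown_bits) for s in range(1 << unknown_bits)})


if __name__ == "__main__":
    # Output looks uniform to the test even though the state is mostly fixed.
    print("monobit pass rate:", monobit_pass_rate(range(200)))
    # With k unknown bits there are only 2**k possible outputs (k=10 to keep it fast).
    print("distinct 128-bit outputs, 10 unknown bits:", distinct_outputs(10))
```

Statistical test suites measure the distribution of output bits, not the size of the state behind them, so the defensive takeaway is to mix several independent entropy sources rather than trust a single hardware generator.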