There is a concern. But, if you are that concerned, there are hardware and software choices you can make to avoid the potentials you are bringing up.

Don't use Intel or AMD chips and DONT use Microsoft, Apple or Google products.

Just got a laptop for my daughter for her 20th birthday. It had Windows 8 on it. She dinked around with it for about an hour (took her ten minutes to figure out how to close an Internet Explorer window...etc.). She gave up and asked me to install linux on it. Put Mint on it. She had used it on my netbook, so she was somewhat used to it. No complaints from her. She says it does everything she needs it to do.

Problem solved.

A hardware back door would be vulnerable to analysis and use by any country that manufactures such chips. Software back doors have been alleged ever since Windows 1 back in the 1980s and also shown to be nitrogenous fertilizer

"Black hat" hackers or attendees at the conference of the same name would have been all over such a back doors like maggots on a corpse. What is more do you honestly think that China (or Japanese businesses) would let that pass?

Edit to add, there is (or was) a back door into the random number generators of ATMs and fruit machines but not the CPU - hence ATM hacks.

Technology isn't magic. And there are many people who know this stuff. But people still want to make shit up like this. Oh! Apple and Microsoft have backdoors to the NSA government spying networks!!!

Meanwhile there are projects like Linux which is open and available for anybody to see, review, contribute to. If there were hardware back doors to the processor chips, those dudes would know about it and it would be common knowledge.

This is nothing but tin foil hat bullshit.

Okay, first software back doors, in the code. Every time a critical security update or patch comes out for an OS, its because a back door or security hole (often times accidental in origin) has been found. So there are constant flaws being discovered, backdoors are the art of intentional flaws that are unlikely to be found.

Now as far as hardware back doors, that's utterly invisible. No on in OSS community could see them, because they lay inside microscopic chipsets, not in the source code. They could lie dormant for years, but be activated by processing instructions for render a jpg with certain qualities, (for instance) and inject stored code to be run.

What code is activated on my Linux boxes?

You speak rubbish. Utter rubbish.

Not so much Microsoft.

I think on most, you have to specifically install it.

http://packages.ubuntu.com/source/precise/intel-microcode

I may have AMD micro-code on one of my boxes. I will have to check it out.

It ain't easy being free (as in freedom)...

NT

Several ways:

1) If Intel is in on it, then you'd have to compare CPU operation of CPUs whose microcode is updated and who has its microcode off. You should be able to reverse engineer what the microcode is doing by running an instruction set test suite. This would at least tell you what is broken and what it is intending to fix. If you find something broken you can write your own software side work arounds, which while they won't be microcode level, at least then you have a working CPU, without having to have a signed microcode.

2) If Intel isn't in on it then you can check the microcode at boot time against the microcode that Intel provides, if there's a mismatch, then you're looking at microcode that may be compromised (and that would indicate that someone other than Intel has the 2048-bit RSA key, which would be a hell of a lawsuit right there).

Affecting anything from military weapons, to infrastructure like damns, to phones...

Breakthrough silicon scanning discovers backdoor in military chip
http://www.csmonitor.com/USA/2012/0607/Report-Hackers-could-access-US-weapons-systems-through-vulnerable-chip

Apparently it's a recent research discovery from Cambridge, UK.

Something tells me the NSA should've been minding its own business better, instead of snooping on the innocent public. It also might've been smart not to outsource our weapons components.

From your linked article:

Even I didn't believe that one.

It only gets applied as the OS boots. This is an OS compromise, not a hardware compromise.

eom

It is a boot level rewrite of how the CPU works (typically to fix bugs in the CPUs design). On Linux microcode is applied with modprobe, which will search and see if the Linux Kernal requires a microcode update for a faulty processor.

Microsoft does not have the RSA keys to get the CPU to verify and apply the patch. Or they shouldn't, anyway. (Compare vendor microcode to MS microcode, see if they match, if not, then something is afoot.)

An opportunity for other CPU vendors.

And to various other things as well.

There are two cases here:

1.) Linux machines do not automatically do this: we have the status quo.
2.) Linux machines do this too: Linux will migrate to other CPUs. Microcode will get much more scrutiny.

It is disconcerting that we don't have an open solution.

The CPU vendors don't want anyone to have the keys for several reasons.

1) The grenade idea you mentioned, if a CPU vendors keys were in the wild, a nefarious group could put in the very kind of backdoor mentioned in the OP, trojans, viruses, who knows.

2) The vendors use microcode to actually artificially hide the fact that many CPUs are all from the same line, and their specs are not what they seem, so an end user may pay for a $150 CPU that has the same capabilities as a $500 CPU. The vendors cannot have the end user figuring that out because they want to keep the impression of yield issues and quality issues and such.

I myself have an unlocked Phenom II X4 that I bought as a AMD Athlon II X3. Turns out that AMD was churning out a huge mess of Athlon II X3s whose cores were artificially disabled, the yields were basically too good to be true and they had to meet demand for the X3 line.

If you use a 3rd-party card, disable the onboard ethernet, you could be inaccessible.

But if it's happening automatically that the CPU microcode is getting tweaked, that's a big deal. That's a hole to drive a truck through. The CPU vendors could sell software upgrades. We could have 3rd-party CPU upgrades. I'm trying to think of upstart CPU vendors I can invest in.

But in all cases, I think you would have to build it yourself to prevent this, as it stands. Once the microcode is there, it's there.

Thanks guys...

Now I do need a tinfoil hat... WTF!?

microcode...

Does anyone know how I can make my own micro processor?

Uhm... it would be bad to wrap my motherboard in tinfoil, right?

We are more discussing consequences in the commercial, open-source, and hacker worlds. You focus all that loose mental energy on something like this, things start to happen, and I would say that energy is about to get focussed. This is red meat to a hacker.

Closest thing you can get for now until we have open CPUs and open hardware and whatnot.

And the sources for a dozen old browsers.


But I've got nothing worth hiding from the government, so they can sneak in and look if they want, I suppose. I would feel flattered.

Could a microcode hack be used to log a users activities on their computers? Theoretically yes, but CPU microcode has little to no access to other hardware on your machine, so it can't do much with it (or hold much of it). Really pulling this off would require that your computer either be specifically engineered for spying (so that every relevant chip was hacked to work together), or that a second hack be put in place at the OS level to collect the data from the CPU and store or forward it. Computers aren't magic, and it would take a massive amount of engineering to build a secondary data collection network inside of your computer purely at the hardware level, and it's entirely detectable if it's built at a software level.

And here's why you don't have to worry about it unless you're either a mobster or a foreign diplomat...there is no way they could implement this on a universal scale without detection. Possibility #1 would require the close cooperation of every engineer at every major computer manufacturer. Given the massive number of people we're talking about, and the fact that most of the boardmakers are overseas and have no particular allegiance to the United States, it's laughable to assume that universal backdooring could be pulled off without that information leaking. A far more probable scenario is this: A foreign diplomat, terrorist, or mobster orders a laptop from HP. The NSA intercepts the order and works closely with HP to send them back a "special" version with the backdoors built in just for them. That is ENTIRELY plausible, and it's the only practical way that particular backdoor could be pulled off.

Possibility #2 has a greater chance of being implemented on a global scale because, as the article points out, it could theoretically be implemented in an update patch, an otherwise benign installer, or through a staggering number of other vectors (and, to be clear, on ANY OS...this isn't a Windows thing, and it could just as easily be located in a gedit patch as in a Windows Update). But again, I doubt that they could get away with it...and you can thank hackers (of both the white and black hat variety) for that. Here's why: No matter how effectively they exploit your computer, the collected data still needs to be transmitted some way. Both the white and black hats are constantly on the hunt for new ways to exploit computers and networks, and network traffic/packets from Windows machines are one of the most closely scrutinized things out there. People examine them to locate private data, hijack networks, steal wifi, locate new exploits to gain machine access, etc. If unidentified new packets started showing up in the datastream, people WOULD notice, and they'd notice within hours of it starting.

So, yes, both of these exploit methods are possible in a lab, and they are even possible when used against specific targets, but the idea that the NSA is spying on all of our computers through microcode hacks is FUD...paranoid tin-hattery timed to take advantage of the very real abuses happening within the NSA.

No backdoor is necessary. Just look to the origin of the NSA and that should be painfully clear.

But that's all. If such a thing exists and has been implemented, it will have been done in a way that can't be easily bypassed or even detected. While a few people are interested in such things and are looking for exploits, for whatever purpose, they may not be looking in the right places to begin with.

But that's not the real issue. The fact is that most PCs and other devices that are connected to the outside world, are used by people who don't understand what's going on inside them in any way. They have Microsoft updating their equipment, or the cell service, or HP or whoever, automatically or they simple accept any update sent their way. The opportunities for trusted vendors to insert stuff into these devices are endless and ubiquitous.

And corporations probably wouldn't cringe at the highest levels at including some government-mandated tweak in an update. In fact, they'd be likely to cooperate if there was any inducement at all, and inducements are many.

Many, many years ago, when I was testing dial-up communications software for the PC for a round-up review of such software for a major magazine, one of the programs I tested was a communications program from Hayes. I was using a "Hayes-compatible" modem in the machine used to test the software. For some reason, it simply would not autodial with the Hayes software. I could send a dialing string manually through the software to force the "Hayes-Compatible" modem to pick up and dial, but the software wouldn't do it. That program was the only modem communications program that wouldn't work perfectly with my modem. Odd, huh, that a communications software program published by a modem manufacturer wouldn't work with compatible modems from another manufacturer.

Well, I was reviewing all of these programs, so I had to figure this out. I was going to write that the Hayes software wouldn't work with some "Hayes-compatible" modems, but I thought I'd dig in further.

Well, it turned out that the software was querying the modem to check whether it was a genuine Hayes modem. I found that out by monitoring the serial port and logging everything that went in and out of that port. Sure enough, I found the query to the modem, which returned a code identifying it. On any "Hayes-compatible" modem that didn't return the right code, the program would not send the correct dialing string to the modem, but sent an erroneous string.

I called Hayes, which denied that they did that query from the software and limited the software in that way. So, I sent them the log of the serial data and said, "Really?" So, they finally admitted doing that. I wrote the review and trashed the software in one of the largest PC-related magazines at the time and explained why non-Hayes brand modem users should not purchase the Hayes software. Hayes complained bitterly to the magazine's publisher and threatened to pull all of their advertising. The publisher asked, "Was anything in the article incorrect?" Of course, there wasn't.

That was the end of that, and Hayes dropped the software after sales dropped dramatically. It was lousy communications software anyhow, but nevermind.

The point here is that companies do all sorts of stuff that users aren't aware of. Nothing would surprise me. So, does the government have a backdoor in your PC, phone, or other device? It could. It could even be silent and not findable unless triggered into going active. It could be completely undetectable until some agency decided to activate it. That wouldn't surprise me at all. And there is literally nothing that can be done by users about such a back door. If it's there, and someone has a reason to activate it, the likelihood that any PC owner would know about it is almost non-existent.

So, what to do? Disconnect the device? Not practical. The answer is to use the device in a way that doesn't attract any attention from some agency that might be able to switch on a silent backdoor. That's the only thing I can think of. Clearly, intelligence agencies, both here and elsewhere, could benefit from a backdoor they could activate on any device, if needed. Since the benefit is there, I assume that they would like to have such a backdoor available. Do they have the power to get such a thing into a device. Probably, and through a corporate partner, most likely.

So, is such a thing inside your device? I don't know. But I'd assume that it is, since it would be desirable by an agency capable of seeing that it was there. That's my assumption, anyhow. But, and here's the important part, I don't really care. The benefit of being connected is critical for me. So, it's an assumption that is really meaningless to me. I'll just count on nobody giving a shit what I'm doing and go on about my activities. I can't think of any other way to proceed.

I am a computer architect who was formerly employed for one of the "top 5" computer makers in the 1990s. This was the era before the whole computing world practically standardized on Intel processors. Back then the top computer makers each had their own internally designed CPUs, and there were three to four "independent" CPU makers like Intel.

I honestly never heard anything about the government asking us to put back doors into the processors we were building. We would have fought very hard against anything that provided a back door through customer's security, sooner or later things like that get found out and many of our customer's took their security very seriously.

HOWEVER... In the 1990s, while most of what the NSA did was secret, many in the computer industry had strong suspicions about what was going on. The NSA was the single largest purchaser of computers in the world so they weren't a customer who any computer maker wanted to upset. While I don't know that they ever requested a back door, I do know that they requested features be designed into our microprocessors to optimize them for certain mathematical operations; presumably these were mathematical operations that were of particular use in decryption and the NSA wanted them to run as fast as possible.

On a related note; I also knew that the printer makers were approached by multiple governments around the world who were asking for features be put into printers to make it harder to print counterfeit currency and to enable governments to track printed pages back to the printer they came from.

I think I've written before about what a tremendously disruptive technology the general-purpose microcomputer was in the hands of citizens. Governments have spent close to three decades trying to put that genie back into the bottle.