Hardware backdoor

Content sourced from Wikipedia, licensed under CC BY-SA 3.0.

A hardware backdoor is a secret access point built into a device’s physical hardware or its firmware. It can be created by secretly programming a component during manufacturing or by injecting malicious code into a chip’s firmware. They are especially a concern for smart cards and crypto processors, and people worry about possible car hacking too. Hardware backdoors are different from hardware Trojans: backdoors are built in by the original designer or during the design process, while Trojans are added later by someone else.

Why they are dangerous: hardware backdoors are hard to detect and often cannot be removed with ordinary antivirus tools. They can bypass security protections like disk encryption and may be introduced at the factory, outside the user’s control.

Notable examples and what they show (short overview):

- 2008: About 3,500 counterfeit Cisco network parts were found in the United States, some used in military and government networks.
- 2008: A demonstration showed a backdoor on a SPARC CPU using an FPGA and Linux, with hidden services.
- 2011: Jonathan Brossard’s Rakshasa backdoor could be installed by someone with physical access, re-flashing the BIOS to load a bootkit.
- 2012: Cambridge researchers found a backdoor in a military-grade FPGA that could access and modify data; later described as more of a software issue than deliberate sabotage.
- 2012: Two ZTE phones were found to carry a root-access backdoor using a hard-coded password.
- 2013: University of Massachusetts researchers proposed a way to affect a CPU’s internal cryptographic functions by impurities in transistor crystals, altering the random-number generator.
- 2013–2016: Edward Snowden documents showed NSA groups intercepting servers and network gear to install covert firmware before delivery, including BIOS exploits and spy hardware.
- 2016: University of Michigan built a hardware backdoor using analog circuit techniques so that a device could be turned on and give an attacker full access after power buildup.
- 2016: Researchers demonstrated cloning an iPhone 5C’s NAND memory to test attack limits, highlighting how backups and resets could be misused.
- 2018: Bloomberg reported that Chinese spies targeted nearly 30 U.S. companies by compromising the technology supply chain.

Ways researchers try to detect and defend against hardware backdoors:

- Detecting hidden chip insertions is an ongoing effort; some backdoors can be extremely hard to spot.
- Verifiable computing: chips include a built-in checker to prove they are performing correct calculations, with an external validator checking the checker’s results.
- Distributing trust: using multiple identical chips from separate supply chains so that at least one remains honest and maintains security.
- Non-destructive chip verification: a method called Ptychographic X-ray laminography lets researchers inspect a chip’s design and manufacture without destroying it, and it can zoom in on details to identify manufactured-for-sale chips and verify they match their intended design. This approach is currently best for chips up to a certain size, with ongoing work to improve resolution and speed.

In short, hardware backdoors pose a serious, ongoing security risk because they are embedded in the device itself and can be very hard to detect or fix. Researchers are developing new ways to verify chip integrity and trusted manufacturing to help prevent them.