[flyinglizard]

"backdoor" and "attack" refer to entirely distinct concepts: backdoor is, given administrative access to equipment or code, installing an hidden component that will be used later by an adversary.

"attack" is the operational word, sometimes using a backdoor but mostly just exploiting a given system to your benefit.

Coming to read this article, I'd have no problem if it stated "the most sophisticated backdoor I've ever seen", but it implied that it exposes an unprecedentedly sophisticated attack - I was expecting something operational of the Stuxnet variety, and instead I got a research paper.

If this article showed how this backdoor was embedded into a real (commercial and widely used) chip - unbeknownst to the chip maker - and later used by an actual adversary, then that would be an attack.

[c_c_c]

You do realize that Stuxnet required a failure of physical security. Either an agent inserted intentionally via USB or an employee inserted a compromised USB unwillingly. Neither should happen in a secure facility.

The paper shows simple yet sophisticated POC. The simplicity is the scary part. BTW, do you think the University of Michigan spends more on research than the NSA, GCHQ, BND, DGSE, 3PLA, etc.

[impdmnt2Prgrss]

Looking at my pay check tells me that Michigan does not pay more than said agencies :).

[mannykannot]

There is some value to precision in terminology, but here it seems to me to be merely pedantic. Are there any important practical consequences at issue here?