[cookiengineer]

> they may host malicious versions of the KiCad software for download

Imagine someone using this as an attack vector to smuggle in exfiltration appliances in the form of hardware circuits in the KiCad software itself, so that the generated PCB files contain spyware in hardware form.

That would be a first of its kind: Supply chain attack at hardware level.

[rcxdude]

Extremely difficult to achieve undetected. Firstly just successfully smuggling a working design for spyware into the PCB design would require an impressive feat of CAD engineering, then there's no way to achieve this just with copper traces, you would need to add new components to the board. Both changes in the traces and new components would be extremely obvious in all but the most automated workflows (getting a PCB manufactured is a very manual process). It's typical to inspect the output gerber files manually for any errors, as well as for PCB manufacturers to offer a preview of their interpretation of the gerber. Similarly with the BOM, which has a different flow with a lot of human touch. Also, the techniques which would allow hiding the components within the PCB itself (which do exist) are extremely rare. The only places with the slightest chance of this working (massive organisations with a huge amount of siloing) aren't using KiCAD as a tool.

[dTal]

You're correct of course. It's wildly infeasible, prone to rapid detection, and there's no plausible profit to sneaking subtle backdoors into random KiCAD projects. Now let's brainstorm possible vectors anyway...

You could manipulate PCB traces in such a way as to leak data over RF? No topological change to the circuit and very hard to pin down.

[polishdude20]

Any data leaked would just leak more than it already does. If your data is encrypted, it would just be encrypted but louder.

[exporectomy]

Perhaps there's some chip that has some functionality enabled by a logic input. The designer intended it to be off but KiCad tied it high or low or open to turn it on instead. That functionality might enable a serial interface or reading or writing some sensitive memory or whatever that might become a vulnerability.

[ameminator]

I imagine it would be much more likely to have a "backdoor"-ed version of kicad that would phone in with intellectual property rather than PCB spyware. Making a PCB is too much like writing assembly for it to go unnoticed...

[gmueckl]

Exfiltrating KiCAD project files and manually designing a subtly backdoored version is a much more likely attack. An automatically inserted backdoor has a high risk of detection, dragging the entire plot out into the open. Stealthily phoning home is harder to detect and most small operations that would use KiCAD are probably not well equipped to detect such network traffic. The downside is of course that physical access to the product is required to install the backdoored electronics.

[londons_explore]

pcb's today contain too much 'made by hand' to hide much without the designer noticing...

It would be like photoshop trying to sneak extra people into photos without the photographer noticing.

[josefx]

So probably trivial with any shot that contains more than a dozen people the photographer barely knows?

[cookiengineer]

> pcb's today contain too much 'made by hand' to hide much without the designer noticing...

Doesn't mean the layers have to be rendered with the modified/malicious version of KiCAD. They could just try to hide it if they detect a layer with id=spyware.

I'm just saying that this would be a very sneaky way to infiltrate the hardware industry, because currently all installed versions rely on the old domain - and that's where they will pull their updates from, too. So pushing out a newer release with that "spyware" modification would be super easy to realize.

[extrapickles]

Adding an extra layer is expensive (and done in pairs). As others mentioned, when you go to manufacture your boards, you export each layer into its own file, zip them all up and then send/upload the files to your manufacturer. Either you will notice the extra files, or when you put in your order, the manufacturer will reject the order as you gave them the wrong number of files (eg: you paid for 4 layers, but sent them 6). The file format of the layers is basically a vector in ASCII of each trace, so there is little opportunity to hide extra stuff.

More and more manufacturers with online ordering show you images of what they think each layer looks like, and any modifications unless they are very slight will be detected then. You always review each layer in the manufacturers tool as there is a host of things that can go wrong (layer ordering, mirroring, alignment, copper vs solder mask vs silkscreen layer types).

Adding extra components is out too, as the Bill of Materials is exported to CSV, then imported into several component suppliers websites. Any non-basic component is carefully scrutinized for need as they are expensive (and these days hard to get) and to make sure you have everything you need to actually build the board as any non-trivial board requires multiple suppliers to provide all of the components. Even if you missed it then, assembly charges a significant amount per unique component they have to place on the board (eg: placing same resistor twice is cheaper than 2 different resistors).

Once the board is assembled, it will then likely undergo EMI testing to comply with various countries limits on how much RF can leak out of the product. In quite a few cases, final testing is done by a 3rd party lab. This basically limits whatever data exfiltration method to be short range.

If someone wanted to be evil, they would have much better luck on the software side of the product rather than at the board level.

[avian]

As a part of a highly targeted attack on a single device, maybe. It would have to involve specialist knowledge and manual work to do it. For example, something simple like sabotaging a "mic on" or "camera on" LED on might be possible on a complicated design without anyone noticing for a while. Seems a lot of work for little effect though.

Blanket automated modifying of hardware designs to add "spyware in hardware form"? I would say even "automated" part is impossible at the moment. I've never heard of automation that would understand a hardware design on a level that would be required for that.

In the end, the only modification with a good chance of being missed by the designer is the copper artwork on existing PCB layers. You might add an extra trace, or break an existing trace somewhere. But as soon as your hacked Kicad starts adding BOM items (like an extra "spyware" microprocessor or something) or even extra layers, I guarantee someone is going to notice very soon. If not for other reasons then because these things will add extra $ on someone's bill.

[theunamedguy]

There is no way this could work. The EDA tool (e.g. KiCAD) is only the first step of the fabrication process - you generate Gerbers from your KiCAD board layout, which are a highly standardized format that can be viewed in a variety of independent pieces of software. There are also multiple stages of design validation - both in the design phase, and then in the physical phase of actually inspecting your fabricated boards. The chances of any "malicious" circuitry slipping in are next to nil.

[okl]

What kind of spyware do you imagine? Rogue copper traces? Any extra parts to populate suddenly appearing on the BOM, that would be obvious.

[cookiengineer]

Well, depends on how the Q&A process is in the pipeline after the design.

What I thought of is maybe it might be feasible to sneak in some circuits that reroute e.g. a network port's traffic to a specific public IP/CnC. Depending on how complex the PCB layout is, it could be feasible to encode or modify the modulation of easy network busses (aside from ethernet).

But I guess that would involve deployment of malicious firmware or availability of a specific "malicious" chipset, too, because ethernet is quite complex in the sense that there are too many physical parts necessary to implement it in hardware form.

I was just thinking about the Q&A pipelines in the industrial process. Usually they never validate anything because of proprietary/protected intellectual property contracts, so suppliers down the line always claim it's according to specifications and that is blindly trusted by the manufacturers.

Identifying something like this is much harder in the organizational sense, because it involves a lot of time for verification down the line, and involves a lot of organizational blamestorm before anything really happens to fix it.

[okl]

If you are willing to go that far, just sell them fake ICs. No need to meddle with PCB layouts.

[londons_explore]

There are a few neat and potentially evil things you can do with copper traces alone. For example, you might be able to make a spy radio emitter[1].

Despite this, I very much doubt any software is going to be inserting those into designs automatically anytime soon!

[1]: https://en.wikipedia.org/wiki/The_Thing_(listening_device)

[mhh__]

The thing did have more than just wires, it had to have a membrane to actually work as a microphone.

[mhh__]

I think this is impossible but hypothetically you could fiddle with the EMI signature of a product to make it easier to sniff for.

Actually adding a component is a bit too james bond, although maybe you could do 1 or 2 on some enormous board but even then that's a real stretch.