Hacker News new | ask | show | jobs
by pydry 238 days ago
When has anybody ever been hacked via a foundry?

While having your own foundry is undoubtedly a good thing from the perspective of supply chain resiliency, if hacking is what you're worried about there are probably easier ways to mitigate (e.g. a bit more rigor in QC).
4 comments
kragen 237 days ago
Roughly everybody you've ever met, 100% of the time.

There's a reason the NSA can get Intel CPUs without IME and you can't. Given the incentives and competence of the people involved, it's probably an intentional vulnerability that you can't escape because you don't fab your own chips. There's strong circumstantial evidence that Huawei got banned from selling their products in the US for doing the same thing. And the Crypto AG backdoor (in hardware but probably not in silicon) was probably central to a lot of 20th-century international relations, though that wasn't publicly known until much later.

And this is before we get into penny-ante malicious hardware like laser printer toner cartridges, carrier-locked cellphones, and HDMI copy protection.

No amount of QC is going to remove malicious hardware; at best, it can tell you it's there.

link
pydry 236 days ago
I can. Purism and system76 disable the IME.

This is also a completely different threat model but whatever.

link
kragen 236 days ago
I think they're using me_cleaner, which does appear to work, but using software to disable a hardware backdoor is inherently unreliable.
link
pydry 233 days ago
Either way this isnt a foundry covertly inserting a back door. It is a foundry openly inserting a back door and turning it into a feature.

A small country that imports these chips and wanted to protect its national security by providing "me disabled" chips wouldnt need a whole foundry of its own to turn it off or to verify that there isnt a "hidden" ME. The cost of this would probably run into low millions not billions.

link
purplehat_ 237 days ago
Not exactly what you're asking, but multiple CVEs have been found in Intel's Management Engine (ME) which have been used in spyware.

It might not be an intentional backdoor, but it very much seems designed with out-of-band access in mind, with the AMT remote management features and the fact that the network controller has DMA (this enables packet interception).

link
IAmBroom 237 days ago
"When" is what we will likely never know, given the subterranean depth of trust and visibility there. Probably never...
link
aa-jv 238 days ago
Do you know what "your" CPU is doing? Do you really?
link
lisbbb 237 days ago
I always figured the spy crap was programmed right in to the chips themselves and the BIOS.
link