Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Intel chips could let US spies inside: expert

Christopher Joye and Paul Smith (via AFR) | July 30, 2013
(UPDATED - 31 July 2013) There's a possibility that the US NSA is embedding back doors inside chips produced by Intel and AMD.

But after a 1994 bug in Intel's chips cost the company half a billion dollars to recall, they decided to avoid this problem by ensuring all microprocessors could be automatically fixed via patches that are loaded on to your computer by the manufacturer or online through Microsoft updates.

Other chip companies, such as AMD, have adopted the same approach.

Modern computer chips contain microcode that is reprogrammable using these occasional patches. "Since 2000, Intel has distributed 29 microcode revisions to their chips, which can be downloaded on to your computer by a Microsoft security update," Mr Blank said.

He noted that while the NSA had been "exceptionally thorough nailing down every conceivable way to tap into communications", two conspicuous absences from the raft of high-profile technology firms named in the PRISM leaks were Intel and AMD.

"Perhaps they are the only good guys," he said.

"Or perhaps the NSA — legally compelling the chip vendors and/or Microsoft, or working outside of them — have compromised the microcode updates that affect most computers."

WINDOWS UPDATE OF BACKDOOR?
Mr Blank said that if an intelligence agency was able to legally acquire or independently compromise the "signing keys" used to secure microcode updates, they could also target specific computers rather than the mass market.

"They could then install a backdoor on your computer disguised as a Windows security update — and you would think everything was great," he said.

Mr Brossard, an international security researcher who advises Commonwealth Bank and other large financial institutions, emphatically agrees.

"If you want to own the entire internet, this is how you do it because most people run Wintel," he said.

"If you could access, or break, the crypto keys used to 'sign' Intel CPU updates, you basically win."

In the early 1990s the NSA tried (and failed) to the get the US telecommunications industry to adopt a standardised "clipper chip", which the NSA invented as a way to encrypt voice transmissions.

All new devices with Clipper chips would have a "cryptographic key" that the US government could unlock if it wanted to monitor communications.

Mr Blank said intelligence agencies could also use microcode updates to interfere with a computer's "random number generator".

"Every processor has a random number generator, which is a fancy term for a roulette wheel. Every piece of encryption software depends on that roulette wheel coming up random every time," he says.

"If you rig that process, an intelligence agency could decrypt or read that supposedly unbreakable code as fast as somebody could type," he said.

This is not mere fantasy, Mr Blank argues: "One of the NSA's biggest intelligence coups was inserting back doors into supposedly neutral crypto equipment Switzerland sold to other countries."

 

Previous Page  1  2  3  Next Page 

Sign up for Computerworld eNewsletters.