CPU-based backdoors

Joanna Rutkowska drives home the point that, even with the latest and greatest technologies that might protect us from all sorts of intentional and unintentional software and hardware backdoors - we still have to trust the CPU, which makes it exceedingly simple for the CIA to spy on you.

All they need is to make the CPU contain a backdoor such as this:
if (rax == MAGIC_1 && rcx == MAGIC_2) jmp [rbx]
This is:
  • Trivial to hide among the 800 million gates of a modern processor.
  • Exploitable in practically any program.
  • Practically impossible to discover.
It gets worse: it doesn't even have to be the CIA. It can be any of the governments in the various countries where your CPU might have been manufactured.

It looks like, against the most well-connected attackers, you can only consider yourself secure if you build all your own hardware, and run all your own software on it.

Comments

Popular posts from this blog

"Unreachable" beauty standards

Is the internet ready for DMARC with p=reject?

When monospace fonts aren't: The Unicode character width nightmare