A group of researchers hailing from Europe and the US have successfully demonstrated what they are calling a hardware trojan attack on Intel’s third generation Ivy Bridge processor. It’s also very difficult to detect as the exploit is able to get by the chip’s built-in self test as well as the National Institute of Standards and Technology’s tests pertaining to random number generators.
It’s all a bit complicated but the researchers use an exploit that changes the dopant polarity of individual transistors on the chip to weaken its random number generator. They are able to successfully reduce the random number generator’s entropy from 128 bits to just 32 bits.
This makes cryptographic keys much easier to predict and it seems they only need to alter the dopant masks of “a few” of the 1.4 billion transistors on the chip to be successful. Since only a few are altered, it becomes difficult to notice among the mass of other transistors. What’s more, the researchers claim the hardware trojan can’t be exposed using optical reverse engineering due to the fact the chip’s circuitry remains unchanged.
The researchers have published a paper on their findings but if you’d prefer to skip the in-depth details, you’d be forgiven. It is worth mentioning, however, that they haven’t found any hardware trojans in the wild yet. The proof-of-concept does show that Ivy Bridge is vulnerable to hardware-level attacks that could be virtually impossible to detect.