Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search


(12,958 posts)
Wed Jul 31, 2013, 02:56 AM Jul 2013

Expert Says NSA Have Backdoors Built Into Intel And AMD Processors


One of Silicon Valley’s most respected technology experts, Steve Blank, says he would be “surprised” if the US National Security Agency was not embedding “back doors” inside chips produced by Intel and AMD, two of the world’s largest semiconductor firms, giving them the possibility to access and control machines.


The claims come after The ­Australian Financial Review revealed that computers made by Chinese firm Lenovo are banned from the “secret” and “top secret” ­networks of the intelligence and defence services of Australia, the US, Britain, Canada and New Zealand because of concerns they are vulnerable to being hacked.

If correct, the allegations would raise the stakes in a growing cyber cold war, and fuel claims that US snooping leaves the Chinese in the shade.


Another expert, Jonathan Brossard, who works in the field of Penetration Testing says he has demonstrated proof of this concept and proved what is almost an undetectable and incurable back door. He did so at last years black hat conference and has arrived at the same conclusion as Steve Blank. This is all made possible by the fact Intel and AMD can update the microcode on the small reprogrammable part of the CPU which gets updated every time a Microsoft update is installed. Thus the NSA can theoretically be part of this microcode and could be involved in exploiting it since they work so closely with Microsoft and other technology companies.


This means that encryption is meaningless. They have pre-encryption access to everything.

The hits just keep on coming.

43 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
Expert Says NSA Have Backdoors Built Into Intel And AMD Processors (Original Post) AgingAmerican Jul 2013 OP
little bit fud PowerToThePeople Jul 2013 #1
Yes AgingAmerican Jul 2013 #2
I don't have time to build my own computer... Agschmid Jul 2013 #39
Install Linux Mint AgingAmerican Jul 2013 #40
The hits just keep on coming? Yeah, it's a regular hit parade. Asshats. Th1onein Jul 2013 #3
This report is bullcarp intaglio Jul 2013 #7
I call bullshit on this. longship Jul 2013 #4
You seem to have a mix up with hardware and software. napoleon_in_rags Jul 2013 #9
And my mother was the queen of Romania. longship Jul 2013 #10
here is some microcode that could be activated PowerToThePeople Jul 2013 #19
You can disable microcode on Linux boxes. joshcryer Jul 2013 #22
true. PowerToThePeople Jul 2013 #25
Check your BIOS updates, too, it may be applying them. joshcryer Jul 2013 #26
Cool this AgingAmerican Jul 2013 #38
All you need to do is read the Lenovo story: napoleon_in_rags Jul 2013 #37
It isn't necessarily true that an Intel chip backdoor would be found. Waiting For Everyman Jul 2013 #11
A backdoor can be discovered, but non-trivially. joshcryer Jul 2013 #16
What about this one? Waiting For Everyman Jul 2013 #32
I'm amused by the idea that it was a maybe a 'bug.' joshcryer Jul 2013 #33
That was reaching pretty far to come up with an explanation, alright. Waiting For Everyman Jul 2013 #34
Yeah, microcode is boot level, it is not a rewrite. joshcryer Jul 2013 #13
Hasn't that been everyone's assumption, all along? Same w/commercially available encryption? leveymg Jul 2013 #5
Sorry, I had at least ONE illusion left. Th1onein Aug 2013 #43
K&R DeSwiss Jul 2013 #6
Nothing Would Surprise Me cantbeserious Jul 2013 #8
Microsoft again. nt bemildred Jul 2013 #12
Microcode can be implemented in any OS. joshcryer Jul 2013 #14
"which gets updated every time a Microsoft update is installed" nt bemildred Jul 2013 #15
Or whenever a Linux microcode patch is released... joshcryer Jul 2013 #17
Are you saying Linux uses Microsoft microcode patches? nt bemildred Jul 2013 #18
The microcode is released by the CPU vendors. joshcryer Jul 2013 #20
That could get interesting. Sort of like a grenade. bemildred Jul 2013 #21
FWIW, I have applied microcode patches to CPUs on numerous occasions. bemildred Jul 2013 #23
Same here. joshcryer Jul 2013 #24
You still have to have a network port. bemildred Jul 2013 #27
Great... whttevrr Jul 2013 #28
Nothing to do at the moment, I'm not. bemildred Jul 2013 #30
Use Linux, disable the microcode, use OpenBIOS. joshcryer Jul 2013 #29
I have some quite ancient machines which can still surf well-enough too. bemildred Jul 2013 #31
The "'spying" capabilities of microcode would be very, very limited. Xithras Jul 2013 #35
I think this posting shows an utter lack of understanding of how the NSA works 1-Old-Man Jul 2013 #36
It's all very interesting, on an academic sort of basis. MineralMan Jul 2013 #41
I can provide one fact about the NSA and microprocessor companies. SlipperySlope Jul 2013 #42


(9,610 posts)
1. little bit fud
Wed Jul 31, 2013, 03:11 AM
Jul 2013

There is a concern. But, if you are that concerned, there are hardware and software choices you can make to avoid the potentials you are bringing up.



(12,958 posts)
40. Install Linux Mint
Wed Jul 31, 2013, 12:34 PM
Jul 2013

Just got a laptop for my daughter for her 20th birthday. It had Windows 8 on it. She dinked around with it for about an hour (took her ten minutes to figure out how to close an Internet Explorer window...etc.). She gave up and asked me to install linux on it. Put Mint on it. She had used it on my netbook, so she was somewhat used to it. No complaints from her. She says it does everything she needs it to do.

Problem solved.


(8,170 posts)
7. This report is bullcarp
Wed Jul 31, 2013, 05:27 AM
Jul 2013

A hardware back door would be vulnerable to analysis and use by any country that manufactures such chips. Software back doors have been alleged ever since Windows 1 back in the 1980s and also shown to be nitrogenous fertilizer

"Black hat" hackers or attendees at the conference of the same name would have been all over such a back doors like maggots on a corpse. What is more do you honestly think that China (or Japanese businesses) would let that pass?

Edit to add, there is (or was) a back door into the random number generators of ATMs and fruit machines but not the CPU - hence ATM hacks.


(40,416 posts)
4. I call bullshit on this.
Wed Jul 31, 2013, 03:38 AM
Jul 2013

Technology isn't magic. And there are many people who know this stuff. But people still want to make shit up like this. Oh! Apple and Microsoft have backdoors to the NSA government spying networks!!!

Meanwhile there are projects like Linux which is open and available for anybody to see, review, contribute to. If there were hardware back doors to the processor chips, those dudes would know about it and it would be common knowledge.

This is nothing but tin foil hat bullshit.


(3,991 posts)
9. You seem to have a mix up with hardware and software.
Wed Jul 31, 2013, 07:02 AM
Jul 2013

Okay, first software back doors, in the code. Every time a critical security update or patch comes out for an OS, its because a back door or security hole (often times accidental in origin) has been found. So there are constant flaws being discovered, backdoors are the art of intentional flaws that are unlikely to be found.

Now as far as hardware back doors, that's utterly invisible. No on in OSS community could see them, because they lay inside microscopic chipsets, not in the source code. They could lie dormant for years, but be activated by processing instructions for render a jpg with certain qualities, (for instance) and inject stored code to be run.


(40,416 posts)
10. And my mother was the queen of Romania.
Wed Jul 31, 2013, 07:20 AM
Jul 2013

What code is activated on my Linux boxes?

You speak rubbish. Utter rubbish.


(3,991 posts)
37. All you need to do is read the Lenovo story:
Wed Jul 31, 2013, 11:48 AM
Jul 2013

Its inside the hardware:

Apparently, the ban stems from concerns that Lenovo, which is partially owned by the Chinese government’s Academy of Sciences, has built “malicious circuits” into their machines.


One possible use for a chip of that kind would be to make a Kill Switch, to remotely shut down a computer at will, or to establish back doors for even more nuanced infiltration.

None of this need have anything to do with code. A certain series of unique steps a processor could execute would trigger the shutdown for instance, and its hard wired in.

Waiting For Everyman

(9,385 posts)
11. It isn't necessarily true that an Intel chip backdoor would be found.
Wed Jul 31, 2013, 08:40 AM
Jul 2013
Since 2000, Intel has put out 29 microcode updates to their processors. The microcode is distributed by 1) Intel or by 2) Microsoft integrated into a BIOS or 3) as part of a Windows update. Unfortunately, the microcode update format is undocumented and the code is encrypted. This allows Intel to make sure that 3rd parties can’t make unauthorized add-ons to their chips. But it also means that no one can look inside to understand the microcode, which makes it is impossible to know whether anyone is loading a backdoor into your computer.

The Dog That Never Barked

The NSA has been incredibly thorough in nailing down every possible way to tap into communications. Yet the one company’s name that hasn’t come up as part of the surveillance network is Intel. Perhaps they are the only good guys in the entire Orwellian mess.Slide07

Or perhaps the NSA, working with Intel and/or Microsoft, have wittingly have put backdoors in the microcode updates. A backdoor is is a way of gaining illegal remote access to a computer by getting around the normal security built-in to the computer. Typically someone trying to sneak malicious software on to a computer would try to install a rootkit (software that tries to conceal the malicious code.) A rootkit tries to hide itself and its code, but security conscious sites can discover rootkits by tools that check kernel code and data for changes.

But what if you could use the configuration and state of microprocessor hardware in order to hide? You’d be invisible to all rootkit detection techniques that checks the operating system. Or what if you can make the microprocessor random number generator (the basis of encryption) not so random for a particular machine? (The NSA’s biggest coup was inserting backdoors in crypto equipment the Swiss sold to other countries.)

Rather than risk getting caught messing with everyone’s updates, my bet is that the NSA has compromised the microcode update signing keys giving the NSA the ability to selectively target specific computers. (Your operating system ensures security of updates by checking downloaded update packages against the signing key.) The NSA then can send out backdoors disguised as a Windows update for “security.” (Ironic but possible.)

That means you don’t need backdoors baked in the hardware, don’t need Intel’s buy-in, don’t have discoverable rootkits, and you can target specific systems without impacting the public at large.

Two Can Play the Game

A few months ago these kind of discussions would have been theory at best, if not paranoia. Slide09The Prism disclosures prove otherwise – the National Security Agency has decided it needs the ability to capture all communications in all forms. Getting inside of a target computer and weakening its encryption or having access to the plaintext of encrypted communication seems likely. Given the technical sophistication of the other parts of their surveillance net, the surprise would be if they haven’t implemented a microcode backdoor.

The downside is that 1) backdoors can be hijacked by others with even worse intent. So if NSA has a microcode backdoor – who else is using it? and 2) What other pieces of our infrastructure, (routers, smartphones, military computers, satellites, etc) use processors with uploadable microcode?

And that may be why the Russian president is now using a typewriter rather than a personal computer.



(62,287 posts)
16. A backdoor can be discovered, but non-trivially.
Wed Jul 31, 2013, 09:11 AM
Jul 2013

Several ways:

1) If Intel is in on it, then you'd have to compare CPU operation of CPUs whose microcode is updated and who has its microcode off. You should be able to reverse engineer what the microcode is doing by running an instruction set test suite. This would at least tell you what is broken and what it is intending to fix. If you find something broken you can write your own software side work arounds, which while they won't be microcode level, at least then you have a working CPU, without having to have a signed microcode.

2) If Intel isn't in on it then you can check the microcode at boot time against the microcode that Intel provides, if there's a mismatch, then you're looking at microcode that may be compromised (and that would indicate that someone other than Intel has the 2048-bit RSA key, which would be a hell of a lawsuit right there).

Waiting For Everyman

(9,385 posts)
32. What about this one?
Wed Jul 31, 2013, 10:22 AM
Jul 2013

Affecting anything from military weapons, to infrastructure like damns, to phones...

Breakthrough silicon scanning discovers backdoor in military chip

Apparently it's a recent research discovery from Cambridge, UK.

Something tells me the NSA should've been minding its own business better, instead of snooping on the innocent public. It also might've been smart not to outsource our weapons components.


(62,287 posts)
33. I'm amused by the idea that it was a maybe a 'bug.'
Wed Jul 31, 2013, 10:30 AM
Jul 2013

From your linked article:

More likely, it might be merely an overlooked feature left over from a period of early development, some say.

You don't have an AES key back door during development.

Indeed, the paper even says this:

One could possibly argue that the backdoor we discovered is a bug or something overlooked by the developers. However, this is not the case as we performed intensive investigation into this problem and found proof that the backdoor was deliberately inserted and even used as a part of the overall security scheme. The backdoor feature was designed as a part of the JTAG security protection mechanism and traces can be found in the Actel’s Libero FPGA design software. Anyone with this free software installed on their Microsoft Windows machine can go to the Search option in the Start menu and search for one of the fuse names taken from Actel generated STAPL file. For example, search for the word ULUWE in all files. This will return all STAPL files together with templates and algorithm description files. Inside some of those files there is a proof of the designed backdoor feature.


(62,287 posts)
13. Yeah, microcode is boot level, it is not a rewrite.
Wed Jul 31, 2013, 08:57 AM
Jul 2013

It only gets applied as the OS boots. This is an OS compromise, not a hardware compromise.



(27,137 posts)
6. K&R
Wed Jul 31, 2013, 04:29 AM
Jul 2013
“Authority, when first detecting chaos at its heels, will entertain the vilest schemes to save its orderly facade.”

~V for Vendetta


(62,287 posts)
14. Microcode can be implemented in any OS.
Wed Jul 31, 2013, 09:01 AM
Jul 2013

It is a boot level rewrite of how the CPU works (typically to fix bugs in the CPUs design). On Linux microcode is applied with modprobe, which will search and see if the Linux Kernal requires a microcode update for a faulty processor.


(62,287 posts)
20. The microcode is released by the CPU vendors.
Wed Jul 31, 2013, 09:15 AM
Jul 2013

Microsoft does not have the RSA keys to get the CPU to verify and apply the patch. Or they shouldn't, anyway. (Compare vendor microcode to MS microcode, see if they match, if not, then something is afoot.)


(90,061 posts)
23. FWIW, I have applied microcode patches to CPUs on numerous occasions.
Wed Jul 31, 2013, 09:21 AM
Jul 2013

And to various other things as well.

There are two cases here:

1.) Linux machines do not automatically do this: we have the status quo.
2.) Linux machines do this too: Linux will migrate to other CPUs. Microcode will get much more scrutiny.


(62,287 posts)
24. Same here.
Wed Jul 31, 2013, 09:28 AM
Jul 2013

It is disconcerting that we don't have an open solution.

The CPU vendors don't want anyone to have the keys for several reasons.

1) The grenade idea you mentioned, if a CPU vendors keys were in the wild, a nefarious group could put in the very kind of backdoor mentioned in the OP, trojans, viruses, who knows.

2) The vendors use microcode to actually artificially hide the fact that many CPUs are all from the same line, and their specs are not what they seem, so an end user may pay for a $150 CPU that has the same capabilities as a $500 CPU. The vendors cannot have the end user figuring that out because they want to keep the impression of yield issues and quality issues and such.

I myself have an unlocked Phenom II X4 that I bought as a AMD Athlon II X3. Turns out that AMD was churning out a huge mess of Athlon II X3s whose cores were artificially disabled, the yields were basically too good to be true and they had to meet demand for the X3 line.


(90,061 posts)
27. You still have to have a network port.
Wed Jul 31, 2013, 09:51 AM
Jul 2013

If you use a 3rd-party card, disable the onboard ethernet, you could be inaccessible.

But if it's happening automatically that the CPU microcode is getting tweaked, that's a big deal. That's a hole to drive a truck through. The CPU vendors could sell software upgrades. We could have 3rd-party CPU upgrades. I'm trying to think of upstart CPU vendors I can invest in.

But in all cases, I think you would have to build it yourself to prevent this, as it stands. Once the microcode is there, it's there.


(2,345 posts)
28. Great...
Wed Jul 31, 2013, 10:05 AM
Jul 2013

Thanks guys...

Now I do need a tinfoil hat... WTF!?


Does anyone know how I can make my own micro processor?

Uhm... it would be bad to wrap my motherboard in tinfoil, right?


(90,061 posts)
30. Nothing to do at the moment, I'm not.
Wed Jul 31, 2013, 10:12 AM
Jul 2013

We are more discussing consequences in the commercial, open-source, and hacker worlds. You focus all that loose mental energy on something like this, things start to happen, and I would say that energy is about to get focussed. This is red meat to a hacker.


(62,287 posts)
29. Use Linux, disable the microcode, use OpenBIOS.
Wed Jul 31, 2013, 10:07 AM
Jul 2013

Closest thing you can get for now until we have open CPUs and open hardware and whatnot.


(90,061 posts)
31. I have some quite ancient machines which can still surf well-enough too.
Wed Jul 31, 2013, 10:16 AM
Jul 2013

And the sources for a dozen old browsers.

But I've got nothing worth hiding from the government, so they can sneak in and look if they want, I suppose. I would feel flattered.


(16,191 posts)
35. The "'spying" capabilities of microcode would be very, very limited.
Wed Jul 31, 2013, 11:09 AM
Jul 2013

Could a microcode hack be used to log a users activities on their computers? Theoretically yes, but CPU microcode has little to no access to other hardware on your machine, so it can't do much with it (or hold much of it). Really pulling this off would require that your computer either be specifically engineered for spying (so that every relevant chip was hacked to work together), or that a second hack be put in place at the OS level to collect the data from the CPU and store or forward it. Computers aren't magic, and it would take a massive amount of engineering to build a secondary data collection network inside of your computer purely at the hardware level, and it's entirely detectable if it's built at a software level.

And here's why you don't have to worry about it unless you're either a mobster or a foreign diplomat...there is no way they could implement this on a universal scale without detection. Possibility #1 would require the close cooperation of every engineer at every major computer manufacturer. Given the massive number of people we're talking about, and the fact that most of the boardmakers are overseas and have no particular allegiance to the United States, it's laughable to assume that universal backdooring could be pulled off without that information leaking. A far more probable scenario is this: A foreign diplomat, terrorist, or mobster orders a laptop from HP. The NSA intercepts the order and works closely with HP to send them back a "special" version with the backdoors built in just for them. That is ENTIRELY plausible, and it's the only practical way that particular backdoor could be pulled off.

Possibility #2 has a greater chance of being implemented on a global scale because, as the article points out, it could theoretically be implemented in an update patch, an otherwise benign installer, or through a staggering number of other vectors (and, to be clear, on ANY OS...this isn't a Windows thing, and it could just as easily be located in a gedit patch as in a Windows Update). But again, I doubt that they could get away with it...and you can thank hackers (of both the white and black hat variety) for that. Here's why: No matter how effectively they exploit your computer, the collected data still needs to be transmitted some way. Both the white and black hats are constantly on the hunt for new ways to exploit computers and networks, and network traffic/packets from Windows machines are one of the most closely scrutinized things out there. People examine them to locate private data, hijack networks, steal wifi, locate new exploits to gain machine access, etc. If unidentified new packets started showing up in the datastream, people WOULD notice, and they'd notice within hours of it starting.

So, yes, both of these exploit methods are possible in a lab, and they are even possible when used against specific targets, but the idea that the NSA is spying on all of our computers through microcode hacks is FUD...paranoid tin-hattery timed to take advantage of the very real abuses happening within the NSA.


(2,667 posts)
36. I think this posting shows an utter lack of understanding of how the NSA works
Wed Jul 31, 2013, 11:14 AM
Jul 2013

No backdoor is necessary. Just look to the origin of the NSA and that should be painfully clear.


(146,371 posts)
41. It's all very interesting, on an academic sort of basis.
Wed Jul 31, 2013, 12:53 PM
Jul 2013

But that's all. If such a thing exists and has been implemented, it will have been done in a way that can't be easily bypassed or even detected. While a few people are interested in such things and are looking for exploits, for whatever purpose, they may not be looking in the right places to begin with.

But that's not the real issue. The fact is that most PCs and other devices that are connected to the outside world, are used by people who don't understand what's going on inside them in any way. They have Microsoft updating their equipment, or the cell service, or HP or whoever, automatically or they simple accept any update sent their way. The opportunities for trusted vendors to insert stuff into these devices are endless and ubiquitous.

And corporations probably wouldn't cringe at the highest levels at including some government-mandated tweak in an update. In fact, they'd be likely to cooperate if there was any inducement at all, and inducements are many.

Many, many years ago, when I was testing dial-up communications software for the PC for a round-up review of such software for a major magazine, one of the programs I tested was a communications program from Hayes. I was using a "Hayes-compatible" modem in the machine used to test the software. For some reason, it simply would not autodial with the Hayes software. I could send a dialing string manually through the software to force the "Hayes-Compatible" modem to pick up and dial, but the software wouldn't do it. That program was the only modem communications program that wouldn't work perfectly with my modem. Odd, huh, that a communications software program published by a modem manufacturer wouldn't work with compatible modems from another manufacturer.

Well, I was reviewing all of these programs, so I had to figure this out. I was going to write that the Hayes software wouldn't work with some "Hayes-compatible" modems, but I thought I'd dig in further.

Well, it turned out that the software was querying the modem to check whether it was a genuine Hayes modem. I found that out by monitoring the serial port and logging everything that went in and out of that port. Sure enough, I found the query to the modem, which returned a code identifying it. On any "Hayes-compatible" modem that didn't return the right code, the program would not send the correct dialing string to the modem, but sent an erroneous string.

I called Hayes, which denied that they did that query from the software and limited the software in that way. So, I sent them the log of the serial data and said, "Really?" So, they finally admitted doing that. I wrote the review and trashed the software in one of the largest PC-related magazines at the time and explained why non-Hayes brand modem users should not purchase the Hayes software. Hayes complained bitterly to the magazine's publisher and threatened to pull all of their advertising. The publisher asked, "Was anything in the article incorrect?" Of course, there wasn't.

That was the end of that, and Hayes dropped the software after sales dropped dramatically. It was lousy communications software anyhow, but nevermind.

The point here is that companies do all sorts of stuff that users aren't aware of. Nothing would surprise me. So, does the government have a backdoor in your PC, phone, or other device? It could. It could even be silent and not findable unless triggered into going active. It could be completely undetectable until some agency decided to activate it. That wouldn't surprise me at all. And there is literally nothing that can be done by users about such a back door. If it's there, and someone has a reason to activate it, the likelihood that any PC owner would know about it is almost non-existent.

So, what to do? Disconnect the device? Not practical. The answer is to use the device in a way that doesn't attract any attention from some agency that might be able to switch on a silent backdoor. That's the only thing I can think of. Clearly, intelligence agencies, both here and elsewhere, could benefit from a backdoor they could activate on any device, if needed. Since the benefit is there, I assume that they would like to have such a backdoor available. Do they have the power to get such a thing into a device. Probably, and through a corporate partner, most likely.

So, is such a thing inside your device? I don't know. But I'd assume that it is, since it would be desirable by an agency capable of seeing that it was there. That's my assumption, anyhow. But, and here's the important part, I don't really care. The benefit of being connected is critical for me. So, it's an assumption that is really meaningless to me. I'll just count on nobody giving a shit what I'm doing and go on about my activities. I can't think of any other way to proceed.


(2,751 posts)
42. I can provide one fact about the NSA and microprocessor companies.
Wed Jul 31, 2013, 09:29 PM
Jul 2013

I am a computer architect who was formerly employed for one of the "top 5" computer makers in the 1990s. This was the era before the whole computing world practically standardized on Intel processors. Back then the top computer makers each had their own internally designed CPUs, and there were three to four "independent" CPU makers like Intel.

I honestly never heard anything about the government asking us to put back doors into the processors we were building. We would have fought very hard against anything that provided a back door through customer's security, sooner or later things like that get found out and many of our customer's took their security very seriously.

HOWEVER... In the 1990s, while most of what the NSA did was secret, many in the computer industry had strong suspicions about what was going on. The NSA was the single largest purchaser of computers in the world so they weren't a customer who any computer maker wanted to upset. While I don't know that they ever requested a back door, I do know that they requested features be designed into our microprocessors to optimize them for certain mathematical operations; presumably these were mathematical operations that were of particular use in decryption and the NSA wanted them to run as fast as possible.

On a related note; I also knew that the printer makers were approached by multiple governments around the world who were asking for features be put into printers to make it harder to print counterfeit currency and to enable governments to track printed pages back to the printer they came from.

I think I've written before about what a tremendously disruptive technology the general-purpose microcomputer was in the hands of citizens. Governments have spent close to three decades trying to put that genie back into the bottle.

Latest Discussions»General Discussion»Expert Says NSA Have Back...