One of Silicon Valley’s most respected technology experts, Steve Blank, says he would be “surprised” if the US National Security Agency was not embedding “back doors” inside chips produced by Intel and AMD, two of the world’s largest semiconductor firms, giving them the possibility to access and control machines.
The claims come after The Australian Financial Review revealed that computers made by Chinese firm Lenovo are banned from the “secret” and “top secret” networks of the intelligence and defence services of Australia, the US, Britain, Canada and New Zealand because of concerns they are vulnerable to being hacked.
Internationally renowned security research engineer Jonathan Brossard, who unveiled what Forbes described as an “undetectable and incurable” permanent back door at last year’s prestigious Black Hat conference, told the Financial Review that he had independently concluded that CPU back doors are “attractive attack vectors”.
If correct, the allegations would raise the stakes in a growing cyber cold war, and fuel claims that US snooping leaves the Chinese in the shade.
A spokesperson for Intel, however, said there was “no basis for these highly speculative claims”.
Mr Blank, who began his career working as a National Security Agency contractor at its Pine Gap facility, now teaches at Stanford University, writes for The Harvard Business Review and The Wall Street Journal, and in 2013 was nominated by Forbes as one of the 30 most influential people in technology.
Mr Blank said when he learned the NSA had secured “pre-encryption stage” access to Microsoft’s email products via the PRISM leaks, he recognised that “pretty much all our computers have a way for the NSA to get inside their hardware” before a user can even think about applying encryption or other defensive measures.
He said this may be why the Kremlin is returning to the use of electric typewriters. Russia’s Federal Guard Service, which protects President Vladimir Putin and Kremlin communications, says it was prompted to adopt typewriters by the scale and complexity of the NSA operations leaked by Edward Snowden.
Mr Blank is an expert in the ‘microprocessors’ or ‘chips’ inside every computer, having helped start two semiconductor companies and a supercomputer firm.
HACKING PREFERABLE TO CRACKING CODES
He said hacking equipment was preferable for the NSA, rather than cracking codes.
“They have a proven capacity to figure out how to read messages before and after they get encrypted,” Mr Blank said.
He said that up until the mid-1990s the bugs frequently found in computer microprocessors, or CPUs, could only be physically fixed by replacing the chip.
But after a 1994 bug in Intel’s chips cost the company half a billion dollars to recall, they decided to avoid this problem by ensuring all microprocessors could be automatically fixed via patches that are loaded on to your computer by the manufacturer or online through Microsoft updates.
Other chip companies, such as AMD, have adopted the same approach.
Modern computer chips contain microcode that is reprogrammable using these occasional patches. “Since 2000, Intel has distributed 29 microcode revisions to their chips, which can be downloaded on to your computer by a Microsoft security update,” Mr Blank said.
He noted that while the NSA had been “exceptionally thorough nailing down every conceivable way to tap into communications”, two conspicuous absences from the raft of high-profile technology firms named in the PRISM leaks were Intel and AMD.
“Perhaps they are the only good guys,” he said.
“Or perhaps the NSA – legally compelling the chip vendors and/or Microsoft, or working outside of them – have compromised the microcode updates that affect most computers.”
WINDOWS UPDATE OR BACKDOOR?
Mr Blank said that if an intelligence agency was able to legally acquire or independently compromise the “signing keys” used to secure microcode updates, they could also target specific computers rather than the mass market.
“They could then install a backdoor on your computer disguised as a Windows security update – and you would think everything was great,” he said.
Mr Brossard, an international security researcher who advises Commonwealth Bank and other large financial institutions, emphatically agrees.
“If you want to own the entire internet, this is how you do it because most people run Wintel,” he said.
“If you could access, or break, the crypto keys used to ‘sign’ Intel CPU updates, you basically win.”
In the early 1990s the NSA tried (and failed) to get the US telecommunications industry to adopt a standardised “clipper chip”, which the NSA invented as a way to encrypt voice transmissions.
All new devices with Clipper chips would have a “cryptographic key” that the US government could unlock if it wanted to monitor communications.
Mr Blank said intelligence agencies could also use microcode updates to interfere with a computer’s “random number generator”.
“Every processor has a random number generator, which is a fancy term for a roulette wheel. Every piece of encryption software depends on that roulette wheel coming up random every time,” he says.
“If you rig that process, an intelligence agency could decrypt or read that supposedly unbreakable code as fast as somebody could type,” he said.
This is not mere fantasy, Mr Blank argues: “One of the NSA’s biggest intelligence coups was inserting back doors into supposedly neutral crypto equipment Switzerland sold to other countries.”
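Mr Blank's point about a rigged random number generator, shown as an added example that is not part of the original article: a toy Python generator (hypothetical, assumed to keep only 16 bits of real entropy) whose output still looks uniform, and a search over all 65,536 seeds that recovers a 256-bit key made with it. The class and function names are illustrative assumptions, and the sample message is constructed.

```python
import hashlib
import hmac
import os

SEED_BITS = 16  # assumption: the rigged generator keeps only 16 bits of real entropy


class RiggedRNG:
    """Toy generator (hypothetical): output looks uniform but depends on a 16-bit seed."""

    def __init__(self, seed=None):
        if seed is None:
            seed = int.from_bytes(os.urandom(2), "big")
        self.seed = seed % (1 << SEED_BITS)
        self.counter = 0

    def read(self, n):
        out = b""
        while len(out) < n:
            block = self.seed.to_bytes(2, "big") + self.counter.to_bytes(8, "big")
            out += hashlib.sha256(block).digest()  # hash expansion hides the tiny seed
            self.counter += 1
        return out[:n]


def byte_spread(data):
    """Crude uniformity check: number of distinct byte values seen in the sample."""
    return len(set(data))


def recover_key(message, tag):
    """Try every possible seed; return the key whose HMAC over message matches tag."""
    for seed in range(1 << SEED_BITS):
        candidate = RiggedRNG(seed).read(32)
        expected = hmac.new(candidate, message, hashlib.sha256).digest()
        if hmac.compare_digest(expected, tag):
            return candidate
    return None


if __name__ == "__main__":
    victim_key = RiggedRNG().read(32)  # 256 bits long, 16 bits of entropy
    msg = b"constructed sample message"
    tag = hmac.new(victim_key, msg, hashlib.sha256).digest()
    print("distinct byte values in 4 KiB:", byte_spread(RiggedRNG().read(4096)))
    print("key recovered:", recover_key(msg, tag) == victim_key)
```

The output passes a simple uniformity check, so inspecting the generator's output alone does not reveal the problem; the weakness only shows when the entropy source itself is audited.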