US spies exploiting backdoors in computer hardware?

As the world waits with bated breath for the outcome of the trial of Wikileaks whistle-blower Private Bradley Manning, and the international race to capture Edward Snowden heats up, attention has turned to the United States’ secret surveillance programme, PRISM, to see if backdoors may have been left by hardware companies for the National Security Agency to infiltrate.

Steve Blank, a technology expert and entrepreneur living and working in Silicon Valley, California, says that in his thirty-year experience in the computer industry, he wouldn’t be at all surprised if it came to light that companies such as Intel and AMD have intentionally left open a backdoor into personal computers.

Steve Blank

Speaking to Financial Review, Blank said that the revelation that the NSA could gain pre-encryption access to data on monitored machines meant that they also had a possible avenue for a virtually undetectable backdoor left open in the hardware of your computer.

Said Blank, ” Pretty much all our computers have a way for the NSA to get inside their hardware before a user can even think about applying encryption or other defensive measures. It would be less of an issue with an open-source OS, but in a closed environment there’s definitely a way to get in unnoticed. This is probably why the Russians are buying up typewriters, because there’s no backdoor there.

The NSA has a proven capacity to figure out how to read messages before and after they get encrypted. But here’s the thing – up until the mid-90s a bug in hardware would require replacing the chip. Now, however, you can simply update the microcode which tells the processor how to behave to get around a bug in the firmware and these microcode updates can be done in the BIOS, through drivers or even through a Windows update. So are AMD and Intel, two companies not on the PRISM list, the good guys, or are their products being compromised by companies like Microsoft and Apple?”

Further along in the interview, Blank noted that the NSA had already tried to do a similar thing before. He mentioned that in the early 90s they attempted to get companies in the telecommunications industry to adopt “clipper chips” which would help encrypt voice calls for better security.

However, the chips had a cryptographic key that could be hacked by the NSA to gain access to the device and monitor phone calls.

A similar method landed the NSA in hot water with the Swiss government after it was found guilty of inserting hardware-based back doors into equipment used in cryptography.

“What could be done is that intelligence agencies use a microcode update to interfere with your computer’s random number generator. Its not random, it’s a computed algorithm that spits out random numbers. Almost every piece of encryption software on your computer requires that generator to create a completely random number. If you could rig that process or figure out the algorithm, the NSA could read or break that code faster than you can type in your passphrase.