The administration of U.S. President Joe Biden had asked for information deemed confidential about semiconductor makers’ inventories, lead times, clients, and suppliers.
Sounds like good information to resolve some of the most critical issues with the chip shortage. The semiconductor industry has such a long supply chain that it is very susceptible to interruptions. Maybe the U.S. government can help to untie some of the snags?
Anyway, this could be huge for the auto industry, given that they’ve been totally hobbled by the shortages. Then again, the auto industry would do much better if it didn’t have antiquated designs that require thousands of chips instead of consolidating into fewer chips like Tesla has done. I have my eye on a first automobile, so I hope it gets handled soon so the second hand market’s not so ridiculously hot.
The US Puppet Masters wanna make 100% sure that China doesn’t use its own version of ME on those chips, because spying illegally on US citizens should only be done by their own overlords. All hail BigTech and their lover Uncle Sam.
The information requested does not include information about chip designs or audits. Stop spreading FUD.
If they wanted to check if there’s some weird ME, the chip makers can easily radio scan a chip/SoC/board and read the corresponding flash chips. This is a somewhat solved problem.
easily radio scan a chip/SoC/board and read the corresponding flash chips. This is a somewhat solved problem.
do you have some more details on this process?
It’s called supply chain security, they use x-rays and tamper proof video systems for relevant manufacturing chains, e.g. for routers.
I know it’s a box to tick at our hardware engineer’s manufacturing form, I guess there are documentaries or marketing material on youtube if you want to see how it works in detail.
Thanks for the info.
Don’t want to add to any unfounded FUD.
But would be curious to get your take on for example the work of Yang & Sylvester from UMich?
The basic experiment is eg. a plausible lithographic error can produce an inter-bus capacitance, which can be charged by an extremely specific sequence of unprivileged ASM instructions. When sufficiently charged it will set a single bit in a target register to perform malicious functionality.
Such supply chain corruption could be achieved via a second statistically plausible binning error for example. And would be virtually immune to detection by digital benchmarking etc.
Even at wafer level inspection it would be difficult to spot, let alone assign malicious intent without considerable allocation of resources.
IMO the point here isn’t to focus on a single attack, but rather to recognise the inherent & probably endless arms race.
IMO the point here isn’t to focus on a single attack, but rather to recognise the inherent & probably endless arms race.
True.
statistically plausible binning error
Plausible, yes. Feasible? I don’t know about that. These things often work well in laboratory environments and don’t scale to “the outside”. There are easier ways to get information out of a system, e.g. software 0days.
Yes that is true and i did have similar thoughts, for example getting a precisely stable control over eg. activation frequency while maintaining a plausible litho mask error could be tricky to make it reproducible.
On the other hand, the previously mentioned research was from a relatively small team - whereas a very well resourced team could likely produce something robust and ready for real-world. Though perhaps would likely need to be more targeted rather than a shotgun approach attack.
In any case I only started down this topic of discussion since i saw the opportunity to talk about hardware implants (which is fun to discuss), but probably doesn’t so much suit the news article in the op for the FUD-type reasons you mentioned.
