There are plenty of backdoors sitting on much-used computer processors, and they come in all different varieties, according to CTO of IOActive, Gunter Ollman.
“We have encountered a lot of different backdoors,” he told TechWeekEurope today, talking about some unpublished research the company hopes to put out early next year.
Recent revelations from NSA whistleblower Edward Snowden suggested agencies had corrupted encryption methods used across many Internet technologies.
Ollman said that during IOActive’s research there was one case where a random number generator on a chip stopped generating random numbers: the generator used for producing keys switched to a method involving a “time-sequenced version of Pi”.
Because Pi is an almost infinite number, using it to generate numbers for encryption by picking out different digits from it can appear to be random when it isn’t, Ollman said.
“You take the 500th to the 564th characters of Pi and it passes all the pseudo-random number tests,” he told TechWeek. But obviously, whoever inserted this behaviour would be able to predict the output of the random number generator.
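As an added illustration (not IOActive’s code or research), the following Python builds such a stream from the digits of Pi, shows that a digit-frequency test alone does not flag it, and shows that anyone holding the Pi table can reconstruct the rest of the stream from a short sample; the digit generator, the chi-square check and the window offset are this example’s own assumptions.

```python
"""Constructed example: a 'random' stream that is a window of Pi digits.

The Machin-formula generator and chi-square check are this example's own code.
The offset 500 mirrors the quote above; nothing here is IOActive's implementation.
"""


def _arctan_inv(x: int, scale: int) -> int:
    """scale * arctan(1/x) via the alternating series, integer arithmetic only."""
    power = scale // x
    total = power
    k = 1
    while power:
        power //= x * x
        term = power // (2 * k + 1)
        total += -term if k % 2 else term
        k += 1
    return total


def pi_digits(n: int) -> str:
    """First n decimal digits of Pi after the leading 3 (16*atan(1/5) - 4*atan(1/239))."""
    scale = 10 ** (n + 10)  # ten guard digits absorb truncation error
    pi_scaled = 16 * _arctan_inv(5, scale) - 4 * _arctan_inv(239, scale)
    return str(pi_scaled)[1:n + 1]


def backdoored_stream(offset: int, length: int) -> str:
    """The 'time-sequenced Pi' generator: Pi digits starting at 1-based `offset`."""
    return pi_digits(offset + length)[offset - 1:offset - 1 + length]


def chi_square_stat(digits: str) -> float:
    """Chi-square frequency statistic over the ten decimal digits (df = 9)."""
    expected = len(digits) / 10
    return sum((digits.count(str(d)) - expected) ** 2 / expected for d in range(10))


def looks_random(digits: str) -> bool:
    """Frequency test only: statistic below the 5% critical value for df = 9."""
    return chi_square_stat(digits) < 16.919


def predict_next(observed: str, known_pi: str, count: int):
    """Whoever knows the scheme recovers the stream's future from a short sample."""
    pos = known_pi.find(observed)
    if pos < 0:
        return None  # sample is not a window of the table: not this backdoor
    return known_pi[pos + len(observed):pos + len(observed) + count]


if __name__ == "__main__":
    sample = backdoored_stream(500, 65)      # digits 500..564 of Pi
    print("passes frequency test:", looks_random(sample))
    print("next 10 digits predicted:", predict_next(sample[:20], pi_digits(2000), 10))
```

The same lookup doubles as a defensive check: comparing an RNG’s output against tables of well-known constants catches this particular failure mode, which statistical tests by design cannot.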
Ollman wants to map out the “doping of the transistors” and IOActive has a team working on reverse engineering chips. “There is no secret place,” Ollman said.
The company is planning on releasing a full report early next year, which will provide greater detail on which chips are vulnerable and why, including in-depth analyses of trusted platform modules (TPMs), which manage semiconductor-level encryption on many of the world’s popular computer chips. “We are looking at the top chips in that area,” he added.
“With TPM technology, what you’re looking for is that magic number. What is that absolute unique number that everything else depends on. That’s supposed to be a highly guarded secret.
“That number is used as the seed for the random number generator, the resetting of the device and things like that. It is also part of the key you’ll use for doing all the device level encryption.
“If you can extract that, you are in a way, way, way better position to get other pieces.
“If you get it, the key length that you want to brute force might be half of what it was.”
The IOActive team is also looking into the microcode at the chip level, to see whether encryption is being handled correctly.
IOActive has a reputation of highlighting flaws in commonly used technology. The late, great Barnaby Jack proved vulnerabilities in ATMs by drawing cash out of them, whilst recently Chris Valasek teamed up with Charlie Miller to take over a car using a laptop and an Internet connection.