Indeed, the SIA and international organs are drawing up protocols for verifying sources of components, because this counterfeiting is a big issue for no less than:
1. The US
2. Japan
3. S. Korea
4. Germany
5. Malaysia
6. Taiwan
and on and on and on. There’s lots of money being lost by legit vendors as a result of this grey-market crap out of the PRC. I won’t even get into the even more formidable “counterfeit bolt and steel” issue that is out there.
The one chipset(s) where I could see insertion of rogue logic are ethernet interfaces. They’re now a commodity and usually no one even thinks about whether or not they’re correct, much less genuine any more. When I was at Cisco, we had quite a little “scandal” with ethernet (back then 10/100, i.e., pre-gig) chipsets that didn’t implement collision back-off correctly and some chipsets would silently drop the frame or jam the wire inside the timing windows. No one else was aware of it, not even the vendors, until Xerox PARC debugged the problem on our boxes with an oscilloscope. PARC came to us and said “Look, we have conclusive evidence that these chipsets on these particular ethernet interfaces on these routers implement the spec incorrectly on collision back-off. What do you think?”
Well, what we thought after duplicating the problem(s) was to contact the chip vendors. Much stony silence ensued, until we made legal noises. Then there were some fixes... but still, we had a lot of product out there with defective chips. On lightly loaded networks, no one really noticed... but on a loaded network, oh yeah, you’d see the network’s total bandwidth collapse in some situations as a result.
So could someone put a frame sniffer into an ethernet chipset? Sure. Would it be noticed before triggered? Probably not. The industry doesn’t even notice when chipsets don’t meet published specs as it is now. At least some military applications of discrete and analog components require testing in adverse environments where failures will be seen. The PCs, laptops and routers that the DOD is buying? Feh.
And let’s not even worry about a sniffer logic package. Just insert logic that makes the interface go deaf on receipt of a “magic packet payload pattern” and spew out to a wire or multicast group broadcast address a similar packet, so all other nodes on that ethernet go deaf as well. It wouldn’t take up much in the way of gates. Get some government idiot to surf to a porn site, the response contains the magic byte pattern, the surfer’s computer goes deaf and then takes down everyone else on his switched or bridged network.
The only company I know of who really takes security seriously is IBM. They’re more serious than the DOD or government about security. E.g., they ban Siri use on their networks or inside their plants... because they don’t know for how long or where Apple is storing the voice recordings of input to Siri. Back in the 80s, IBM was more serious about their own security than the DOD was about US security. IBM knew that DES was compromised from the get-go... and the NSA talked them into keeping the differential crypto vulnerability quiet for years...
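The collision back-off rule the PARC anecdote above turns on, written up as a conformance checker: this is an added example for this page, not code from Cisco, PARC or the commenter. The measurement convention (gap from end of jam to retransmit, interframe gap already subtracted) and the timing samples are assumptions/constructed.

```python
from dataclasses import dataclass

SLOT_TIME_BITS = 512   # 802.3 slot time for 10/100 Mb/s CSMA/CD, in bit times
BACKOFF_LIMIT = 10     # the window stops doubling after the 10th collision
ATTEMPT_LIMIT = 16     # on the 16th consecutive collision the frame is discarded
BIT_TIME_NS = {10: 100.0, 100: 10.0}   # nanoseconds per bit at 10 / 100 Mb/s


def max_backoff_slots(collisions):
    """Largest legal backoff r after `collisions` consecutive collisions.
    Truncated binary exponential backoff draws r from 0 <= r < 2**min(n, 10)."""
    if not 1 <= collisions < ATTEMPT_LIMIT:
        raise ValueError("collision count must be in 1..15")
    return 2 ** min(collisions, BACKOFF_LIMIT) - 1


@dataclass
class Retry:
    collisions: int    # collisions this frame has suffered so far
    delay_ns: float    # end of jam to retransmit start (assumed: IFG already removed)


def check_backoff(retries, speed_mbps, tolerance_slots=0.05):
    """Flag retries that sit off the slot-time grid or beyond the spec window.
    Returns (collisions, observed_slots, reason) tuples; empty means conformant.
    `tolerance_slots` absorbs oscillator jitter in the measurement."""
    slot_ns = SLOT_TIME_BITS * BIT_TIME_NS[speed_mbps]
    problems = []
    for r in retries:
        slots = r.delay_ns / slot_ns
        nearest = round(slots)
        if abs(slots - nearest) > tolerance_slots:
            problems.append((r.collisions, slots, "not a whole number of slot times"))
        elif nearest > max_backoff_slots(r.collisions):
            problems.append((r.collisions, slots, "exceeds 2^min(n,10)-1 slots"))
    return problems


def demo():
    """Constructed 10 Mb/s trace (slot = 51.2 us): one good retry, two bad ones."""
    trace = [
        Retry(1, 51_200.0),    # r=1 after 1st collision: window 0..1, legal
        Retry(2, 204_800.0),   # r=4 after 2nd collision: window 0..3, too long
        Retry(3, 12_000.0),    # 0.23 slot: transmitting inside the slot time
    ]
    return check_backoff(trace, speed_mbps=10)


if __name__ == "__main__":
    for problem in demo():
        print(problem)
```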
Dave, that’s a great anecdote. Indeed, in higher function chips you could indeed do quite a bit with, say, “test modes.”
However, I think you’d have to agree that it would take orders of magnitude more design skill to intentionally accomplish a malicious backoff anomaly like you described, much less a commanded problem, than is required to merely design the primary functionality.
“Never attribute to malice what can be sufficiently explained by incompetence.”
So it’s certainly possible in high level SOCs and ethernet MACs, but other musings (not yours) elicited by these types of articles about wakeup routines in passives and discretes are silly.
I would extend your scenario a bit, though. You’re correct that those parts are commodities. And they are generally core-limited, so the cost is proportional to die area. The only saving grace is that for the very critical commodity type parts you describe, in order for them to be a commodity by definition there has to be high volumes, and thus the front company would have to take a pretty good hit financially to pump those into the channel.
This goes back to: the procurement people ought to be on the lookout for these kinds of anomalies, not just Mcpain and Levin boycotting quote-unquote chicom parts.
A North Korean design house tapes out an ethernet chip with the magic packet command you’re talking about. They get it fabbed through a South Korean agent in Taiwan, package it in Singapore, ship it to a USA distributor under a “FuTech” shell brand of some kind. It’s not a counterfeit. It’s not a knock-off. It’s not from China. It passes functional tests.
That’s my point on here. The fraud is one thing, costing companies money. The ESPIONAGE potential is far beyond the scope of “boycotting China,” which is all these political pinheads and newswriters seem to understand.