Free Republic

To: NVDave

Dave that’s a great anecdote. Indeed, in higher function chips you could indeed do quite a bit with, say, “test modes.”

However, I think you’d have to agree that it would take orders of magnitude more design skill to intentionally accomplish a malicious backoff anomaly like you described, much less a commanded problem, than is required to merely design the primary functionality.

“Never attribute to malice what can be sufficiently explained by incompetence.”

So it’s certainly possible in high level SOCs and ethernet macs, but other musings (not yours) elicited by these types of articles about wakeup routines in passives and discretes are silly.

I would extend your scenario a bit, though. You’re correct that those parts are commodities. And they are generally core-limited, so the cost is proportional to die area. The only saving grace is that for the very critical commodity type parts you describe, in order for them to be a commodity by definition there has to be high volumes, and thus the front company would have to take a pretty good hit financially to pump those into the channel.

This goes back to the procurement people ought to be on the lookout for these kinds of anomalies, not just Mcpain and Levin boycotting quote-unquote chicom parts.

A North Korean design house tapes out an Ethernet chip with the magic packet command you’re talking about. They get it fabbed through a South Korean agent in Taiwan, package it in Singapore, ship it to a USA distributor under a “FuTech” shell brand of some kind. It’s not a counterfeit. It’s not a knock off. It’s not from China. It passes functional tests.

That’s my point on here. The fraud is one thing, costing companies money. The ESPIONAGE potential is far beyond the scope of “boycotting China” which is all these political pinheads and newswriters seem to understand.


156 posted on 05/23/2012 2:18:52 PM PDT by sam_paine (X .................................)


To: sam_paine

Oh yea, I’m all about the economic issue first and foremost.

For me, the #1 issue is that this rampant fraud on the part of importers and PRC companies undercuts *entire industries* which we, the US, should make sure we have because they’re “strategically important.”

There used to be declarations of “strategically important” industries in the US supply chain. Electronics manufacturers were one such, as well as steel, munitions, etc.

At the rate this “Free trade” idiocy is going, however, I fully expect to wake up one day and find out that the DOD has allowed Alliant Techsystems to be sold to the PLA. You know, the guys who run the Lake City munitions plant? Stock ticker ATK? They make great hairy gobs of 5.56 and 7.62 ammo? There’s nothing so strategically stupid I put it beyond the ability of the “free trade uber alles” crowd to accomplish now.

That said, I agree with you that it would take some skill to accomplish a malicious, remote-commanded problem in an Ethernet chipset, but it wouldn’t be too difficult for the PLA and their minions. The logic is already there in the chip to go deaf or go promiscuous, to do all the other functions I’ve described, so all you’d need to add would be a state machine and a byte-wise scanner to look for the pattern.

Everything it could do, however, would also be easy to do with remotely inserted s/w, and the PLA has proven that they’re quite capable in the cyber-warfare realm and quite active too. I offer the NIC chipset scenario as a possibility when (if) Microsoft and the US Government (GSA and DOD) come up with software security strong enough to make the PLA’s cyberwarfare mission so difficult they have to resort to it. Right now, there are so many avenues in through software, hardware attacks are low on the PLA’s priority list.

The PLA front company(ies) could take huge hits financially to accomplish this. Consider the hits the PLA businesses take when they screw up, or that their government is going to take *right now* as their economy’s idiotic devotion of huge resources into “see-through cities” comes to light. By “see through cities” I mean just that: There are huge tracts of apartment/condo buildings that have been built with state-backed financing that have no occupants - because the people cannot afford them. The PRC is finding out that the “if you build it, they will come” works only when people are rich enough to have a choice of “Well, I can go to the city with my bankroll and get an apartment... or I can milk these two cows and plow my field with them, lest my family starve” is tilted towards the former option. They’ve about exhausted the number of people who can do the first option... hence the see-through cities.

In the PRC, financial losses don’t carry the same sting as they do here. There’s no investigation, the whole thing is pretty much swept under fine silk rugs and ignored. Their current account surplus with the US means they don’t have to care. Yet another “own goal” for the “free trade” movement.

As to the other things you’ve discussed on this thread: Yea, I just don’t see any credence to the idea of trying to plant something into discrete components. Sure, they’re probably utter crap, out of tolerance and without reliability.... so there are doubtless higher failure rates, but trap doors? Nah, not seeing that. To pull off the trap, I’d speculate that they pull off my method: A seemingly mundane, absolutely ubiquitous chip with higher order functionality. Ethernet or other interface chips meet this description, because as long as they work... no one is going to give a rat’s rear end what might be activated via JTAG or other interfaces...

Now in the SOC... holy crap, is there opportunity for mischief. Everyone using a SOC is usually using it for reasons of cost-cutting, so if someone with seemingly credible rep comes along offering you 10K+ pieces at 20% off... SOC users will typically leap at that deal. I saw that too... and we were one of the first router vendors using SOC’s. The first SOC router we shipped was based on Moto’s Dragonball chip. The SOC was actually the second biggest COGS in the box, the DRAM was #1. No one is going to bother trying to do anything in DRAM chips - you could peel back the container, take a look with a common optical microscope and spot the “This bunch of gates doesn’t look like all the others” in a second of cursory examination.

But stuffing something into a SOC? Easy. IBM told us just how easy and how much room there was left over on the silicon for most SOC’s. Their Cell Power Architecture building blocks left us gob-smacked at what IBM could fit onto a commodity-sized piece of silicon... back then, they were pitching us four CPU’s (without MMU or FPU), a whole bunch of interface logic, memory and cache controllers, the DRAM for cache, etc, etc. Utterly fantastic stuff... and that was back in 2000. What was bleeding edge for IBM back then is probably idiot level stuff now.

In the end, I foresee some of the tightest security stuff going back to custom FPGA’s which are programmed by either trusted vendors or the NSA/CIA/DOD with controlled distribution. Spendy, but much more secure.

Here’s why, BTW:

http://www.washingtonpost.com/r/2010-2019/WashingtonPost/2012/03/08/National-Security/Graphics/USCC_Report_Chinese_Capabilities_for_Computer_Network_Operations_and_Cyber_%20Espionage.pdf


164 posted on 05/23/2012 6:21:10 PM PDT by NVDave
