Hardware backdoor

Hardware backdoors are backdoors in hardware.

In most cases hardware backdoors involve code inside hardware − such may reside in the firmware of computer chips. In other cases, the backdoors may be directly implemented as hardware Trojans in the integrated circuit.

Hardware backdoors can undermine security in smartcards and other cryptoprocessors unless investment is made in anti-backdoor design methods. They have also been considered for car hacking.

Severity
Hardware backdoors are considered highly problematic because:
 * 1) They can’t be removed by conventional means such as antivirus software
 * 2) They can circumvent other types of security such as disk encryption
 * 3) They can be injected at manufacturing time where the user has no degree of control

Examples

 * The FBI reported that 3,500 counterfeit Cisco network components were discovered in the US with some of them having found their way into military and government facilities.
 * In 2011 Jonathan Brossard demonstrated a proof-of-concept hardware backdoor called "Rakshasa" which can be installed by anyone with physical access to hardware. It uses coreboot to re-flash the BIOS with a SeaBIOS and iPXE benign bootkit built of legitimate, open-source tools and can fetch malware over the web at boot time.
 * In 2012 Dr Sergei Skorobogatov, from the University of Cambridge computer laboratory and Woods controversially stated that they found a backdoor in a military grade FPGA device which could be exploited to access/modify sensitive information.  It has been said that this was proven to be a software problem and not a deliberate attempt at sabotage that still brought to light the need for equipment manufacturers to ensure microchips operate as intended.
 * In 2012 two mobile phones developed by Chinese device manufacturer ZTE have been found to carry a backdoor to instantly gain root access via a password that has been hard-coded into the software. This was confirmed by security researcher Dmitri Alperovitch.
 * In 2013 Researchers with the University of Massachusetts have devised a method of breaking a CPU's internal cryptographic mechanisms by introducing specific impurities into the crystalline structure of transistors to change Intel's random number generator.
 * Documents revealed during the surveillance disclosures initiated by Edward Snowden showed that the Tailored Access Operations (TAO) unit and other NSA employees intercepted servers, routers, and other network gear being shipped to organizations targeted for surveillance to install covert implant firmware onto them before delivery. These tools include custom BIOS exploits that survive the reinstallation of operating systems and USB cables with spy hardware and radio transceiver packed inside.
 * In June 2016 it was reported that University of Michigan Department of Electrical Engineering and Computer Science built a hardware backdoor that leverages "analog circuits to create a hardware attack" so that after the capacitors store up enough electricity to be fully charged, it would be switched on, to give an attacker complete access to whatever system or device − such as a PC − that contains the backdoored chip. In the study that won the "best paper" award at the IEEE Symposium on Privacy and Security they also note that microscopic hardware backdoor wouldn't be caught by practically any modern method of hardware security analysis, and could be planted by a single employee of a chip factory
 * In September 2016 Dr Skorobogatov showed how he had removed a NAND chip from an iPhone 5C - the main memory storage system used on many Apple devices - and cloned it so that he can try out more incorrect combinations than allowed by the attempt-counter.

Countermeasures
Dr Skorobogatov has developed a technique capable of detecting malicious insertions into chips.

New York University Tandon School of Engineering researchers have developed a way to corroborate a chip's operation using verifiable computing whereby "manufactured for sale" chips contain an embedded verification module that proves the chip's calculations are correct and an associated external module validates the embedded verification module.

China
The world's largest manufacturer of hardware is China which gives it unequaled capabilities for hardware backdoors. Michael Maloof, a former senior security policy analyst in the Office of the Secretary of Defense, states the Chinese government ordered backdoors to be installed in devices made by Huawei and ZTE Corporation and also sources this with a recent passage of China's new anti-terrorism law that requires telecommunications operators and Internet service providers to provide the Chinese government with "backdoor" access to their products.