>One could design a microcontroller, for example, that was disguised as an 0805 capacitor and functioned like an 0805 capacitor, but also had other functionality.
Don't you think it's going to be suspicious when you see a capacitor with 6 pins? Don't you think anyone that inspects the motherboard is going to wonder why a capacitor has 4 additional lines going to a critical flash chip? Seriously.... The entire article here is around replacing entire components. Adding new traces to a finished PCB is impossible without using wire that will be suspicious to anyone doing a visual inspection. Most sabotage will probably just program the flash chips with malicious software without changing the hardware or swap big components that use standardised footprints like QFN with a nearly identical part. Adding a small capacitor sized micro controller where it doesn't belong and on top of that connect it to existing chips in comparison is extremely hard. At that point you might as well design the backdoor into the PCB itself and embed it between the individual layers of the PCB.
It would not have to have more than two leads, depending on its use in the circuit. It was an example meant to illustrate how the dramatically different levels of miniaturization can make it hard to reason about attack vectors.
Consider what a state actor could do with access to modern microprocessor level fabrication.
I'd expect that we'd see features such as the following:
- sophisticated intra-chip communication
- long periods of total dormancy of the exploits
- circuitry capable of receiving a "it's safe to begin the attack" message
- surprising communications vectors for exfiltration
- technology to make malicious parts appear under x-ray to be normal
- fallback to awaiting the message to perform DoS if more sophisticated attack vectors are not possible
I agree with your suggestion about using the existing footprint, etc. There is likely some very sophisticated tech for making malicious parts x-ray and test as normal in every respect.
The network connector exploit described in the article would be easily detectable by temperature dissipation measurements. So distributed methodologies are likely in use.
I'd also estimate that a large number of mobile devices have built-in hardware compromises that are dormant and can be used if necessary. These would be the simplest attacks to carry out and would have extremely high yield. Things like:
- phones suddenly jamming the 4G and WiFi network simultaneously
- hardware implants to help detect whether a device is being used by a high value target. Such an attack could be created using a tiny bit of silicon and would be dormant in most cases.
The biggest risk to a state actor doing these kinds of attacks is being detected, so firmware based attacks are potentially more risky than hardware attacks, since we are better at detecting a checksum mismatch than we are at testing hardware across the spectrum of possible input conditions that might trigger unusual behavior.
So I think we'd see state actors dipping their toe in slowly to these kinds of attacks, first establishing the supply chain hacks without anything malicious going on, and then gradually phasing in actual malicious hardware once the relevant parameters for the attack are better understood.
It's interesting that you're using slither.io as an example. I've played hundreds of io games. Almost all of them are trash but figuring out the mechanics and finding the surefire way to win and then moving on to the next game was what I found interesting. So far there is only one good .io game that I actually keep coming back to and that is starblast.io.
My takeaway is: If your game fails then it simply wasn't good enough and making good games is hard.
Don't you think it's going to be suspicious when you see a capacitor with 6 pins? Don't you think anyone that inspects the motherboard is going to wonder why a capacitor has 4 additional lines going to a critical flash chip? Seriously.... The entire article here is around replacing entire components. Adding new traces to a finished PCB is impossible without using wire that will be suspicious to anyone doing a visual inspection. Most sabotage will probably just program the flash chips with malicious software without changing the hardware or swap big components that use standardised footprints like QFN with a nearly identical part. Adding a small capacitor sized micro controller where it doesn't belong and on top of that connect it to existing chips in comparison is extremely hard. At that point you might as well design the backdoor into the PCB itself and embed it between the individual layers of the PCB.