"Backdoors" are the rule.
Testing hardware and debugging software is not trivial today. How do you test millions of lines of code or billions of transistors? The more complex the technology, the more creative approaches are needed. Cryptographic systems often present an additional challenge. After all, many testing procedures are ultimately about checking whether the system delivers the output that matches the input. Cryptographic methods can also be reliably tested with known input-output pairs. Such input-output pairs are called test vectors and are usually provided by the provider of the method.
However, if you want to feed a system with random values, cryptography is often a difficult obstacle to overcome. For this purpose, the manufacturers of hardware with cryptographic functionality incorporate possibilities into their devices to bypass the integrated random number generator. Such "backdoors" are surprisingly widespread and were usually not documented, at least in the past. Already in the 1990s there was a section in the legendary developer magazine "Dr. Dobb's Journal" in which some of these undocumented features were described. Meanwhile, however, the secrecy has become more difficult, especially due to the Internet. For example, the Wikipedia x86 Instructions page lists many undocumented features. And yet there are always spectacular cases, some with concrete implications for IT security.
At the Black Hat USA conference in 2018, security specialist Christopher Domas caused a major scandal. He makes a backdoor known in various x86 processors - the Rosenbridge backdoor. It makes it possible to switch from the lowest privilege level of the processor (ring 3) to the highest (ring 0). Application programs run on ring 3. They do not enjoy any privileges there - which prevents them from accessing the code or data of other applications. Ring 0, on the other hand, is reserved for the operating system itself, which manages the resources that all running processes can access.
When software runs on ring 0, it can potentially bypass any security mechanism of another process. For example, if the process uses a password or cryptographic key, the software can read this information from memory. It can also easily grant itself root permissions. The backdoor is deactivated on the most affected processors. However, it can be switched on with ring-0 privileges. And some systems were even shipped with the backdoor activated - usually without the user's knowledge.
Rights escalation is possible because the affected chips contain a coprocessor that enables the undocumented feature. This is the relatively old Via C3 series, which is used in industrial automation systems, point-of-sale systems, ATMs, HealthTech devices and various desktop PCs and laptops. The chip's datasheet points to the feature. However, it also emphasizes: "This alternative instruction set is intended for testing, debugging and the use of special applications. Accordingly, it is not documented for general use."
Ways out of the dilemma
As already mentioned, it is difficult to ensure that an encryption mechanism has been implemented correctly. The output of cryptographic algorithms often looks like a collection of hundreds or thousands of random bits. They never return something like "This string", but generally something like "0x7649abac8119b246cee98e9b12e91-97d8964e0b149c10b7b682e6e39aaeb731c". Debugging the underlying code is therefore not easy.
For software developers, however, there is an easy way out: never write your own cryptographic software! You may have learned during your studies how algorithms work and why they are safe. But hopefully the lecturer also told you that own developments in this area rarely make sense. First of all, it is a very complicated matter, where any carelessness can mean that the algorithm offers no protection in practice. And secondly, numerous libraries are available at low cost or even free of charge, validated to the highest standards.
Everyone else should at least keep in mind that hardware that implements cryptographic functions could be equipped with a backdoor. This does not necessarily have an impact on IT security, but nothing can be ruled out. For example, it is relatively unlikely that the relatively old chips of the Via C3 series are still in use in modern companies. But it is definitely worth taking a closer look at other hardware as well.
Micro Focus is a leading global enterprise software company uniquely positioned to help customers expand existing investments while introducing new technologies into a hybrid IT world. Micro Focus provides its customers with a best-in-class portfolio of scalable enterprise solutions with integrated analytics, delivering customer-centric innovation in Enterprise DevOps, Hybrid IT Management, Security, Risk and Governance and Predictive Analytics. For more information, please visit www.microfocus.com.