OK, if we can’t trust computer chips, what do we do? It almost feels like the security war to protect information, or at least keep it private, might be lost before our very eyes in the next decade.
There’s a story about a back door being hidden inside a chip. That’s nefarious, and entirely plausable. After all, how many people, forget about the millions that aren’t technical, how many people in the world can analyze chip designs for back doors? How many people would have to be corrupted, bribed, threatened, etc to make this happen? It’s probably very few.
We have enough issues with back doors or flaws in software. We can’t even patch, upgrade, or change that quickly. Imagine if computer chips in PCs, routers, wifi cards, really any widely used device had a back door implanted? We would have fundamental security flaws for quite some time.
This sounds like a movie plot and I really hope that’s the level of reality here. However, as more companies look to spec their own hardware, especially large cloud vendors, this is disconcerting. After all, inside a company there can’t be extensive reviews of designs for security flaws. Many companies might outsource the manufacturing of their chips to another company. In that case, could employees of the manufacturer look to embed back doors in chips? I’d hope designs are presented, manudactured, and then discarded quick enough to prevent anyone from engineering a back door into the hardware, but I’m not sure how difficult this is, or how much change would be needed to a design.
I suppose there isn’t much any of us can do if this possibility is feasible, but we certainly can keep abreast of security issues and perhaps ensure we use a variety of hardware so that any particular issue doesn’t affect our entire infrastructure.
The Voice of the DBA Podcast