• Software is easy. It’s the hardware backdoors that are hard to find, and those have been being built for at least a decade. They were pretty simple to start; I can’t imagine what they’re capable of hiding in 5nm process chips.

    • xmunk@sh.itjust.works
      link
      fedilink
      arrow-up
      6
      ·
      7 months ago

      The hardware backdoors are pretty difficult to find… but I object to your statement that software is easy. The obfuscated C contest is a wonderful demonstration.

      • You know the best way to analyze a submission to the OCCC? Compile it, then run the result through a disassembler. You get back far more readable code than the source.

        But you’re right; reading code isn’t easy; I meant relatively. If you have government-level resources and can hire a bunch of experienced software developers to review source code, armed with a bunch if static analysis tools (<cough>NSA), you have a decent chance of finding malicious code in software. I know of no similar tools (and the automated software analysis tools are the important factor) for finding backdoors in hardware.