The tech giants claim that Bloomberg’s story keeps changing and that much of it lacks evidence. However, there’s an even better reason why the Bloomberg story can be dismissed out of hand: it’s completely ridiculous because if China wanted to add a spying capability to hardware, they have a far less detectable way to do so.
Contrary to how they appear to the electronically illiterate, circuit boards are not particularly complex. A competent electronic engineer can compare a board as manufactured to the board’s circuit design simply by eyeballing it. That’s especially true as circuitry has migrated from the boards onto SOC (System On Chip) designs, which tends to make boards less complex.
Sticking a “spy chip” on a circuit board is about as subtle as storing a “secret” key to your car by using it as the hood ornament. The entire concept is beyond ludicrous, especially since it would be trivial for the Chinese government to hide the spy circuitry inside one or more of the chips.
There are two ways this could be accomplished with little to no chance of detection:
1. When the chip is originally designed.
It’s been decades since chip designers laid out the internal circuitry in a semiconductor by hand. Today’s designers use fantastically complex programs (called EDA or Electronic Design Automation) that handle the layout of the billions of components and connections that make up a modern chip.
During that process, much of the circuitry is transferred into the chip design in the form of “blocks” of pre-defined intellectual property (IP) that’s already been designed and tested to correctly perform certain functions. IP blocks are basically black boxes; if a designer upstream inserted some rogue circuitry, it would be propagated everywhere that IP block ends up.
There’s no evidence that this has ever happened, but it remains a possibility. However, there’s a much more likely point where a bad actor could insert rogue circuitry into a chip…
2. When the chip is manufactured.
Chip manufacturing plants (aka fabs) don’t simply make chips as designed. Especially at the smaller (and thus harder to manufacture) geometries reserved for the most important chips, fabs tend to have their own, proprietary manufacturing processes with their own peculiarities.
As a result, chip manufacturers have their own design engineers who make changes to the original chip design to ensure it can be correctly manufactured with an acceptable yield (i.e., a small number of failed chips). While the fab engineers typically work closely with the original designers, it would be trivial for a fab engineer to add a rogue “spyware” block of IP that would be virtually undetectable.
What’s scary about this scenario is that chip-embedded rogue IP would be almost impossible to detect except, maybe, when it was communicating with another device or chip, like by piggy-backing data on the “noise” accompanying a wireless signal. (I don’t know if that would actually work, but there are probably other ways to accomplish the same thing.)
Note: I’m not saying that this has actually happened nor am I accusing SMIC of anything. (I’ve reached out to SMIC for comment but have not heard back from them.) Frankly, based upon what I’ve heard, their industry reputation is sterling. Certainly they’re extremely competent technically.
I am saying, however, that if China wanted to widely spy on companies and individuals, it wouldn’t need the absurdly ham-handed approach of adding a chip to a circuit board. In short, as ridiculous as Bloomberg’s “spy chip” story might seem, it theoretically could contain a core of truth. So maybe it’s unwise to immediately dismiss the Bloomberg story as utter nonsense.