vaxman | 20 days ago
There was also a Western paper on embedding hidden circuits (and thus functionality/ISAs) into CPUs and activating them in the field (after deployment) by executing a sequence of opcodes, resulting in something akin to blowing a fuse on the processor die, thereby making the circuits invisible (even to a microscope) until activated. Those secret opcodes could then disable the chip or jump into a block of secret microcode and alter the program counter to behave in a non-standard manner, so we might not easily be able to see what's happening, even if we knew to look. One would still have to deliver that secret sequence of opcodes to trigger such a stealth mode... that could be done via microcode/firmware updates from the manufacturer's website, an OS update, or similar techniques. Interestingly, an unexpected iteration of Chinese SoCs began flooding the markets just as the rest of the world was sustaining a "chip shortage", in a timeframe perfectly aligned with what would have been required to implement such a system after that paper was published.
Air-gapping the customer's devices during installation (to prevent the activation opcode sequence) might not work either. Many Chinese SoCs are used as embedded peripherals simply to add WiFi, Bluetooth and Thread capabilities onto existing designs via a simple UART or doorbell interconnect. This makes it too easy for these Chinese SoCs to also be listening for a Morse-code-like activation signal on a low-frequency band, triggering the backdoor to open (enabling a more conventional remote code execution port or logic debugger exposed via WiFi or BLE, for example, or causing malfunction or damage to whatever is on the GPIO or UART pins). Such low frequencies could be disguised (think blue whale signals) so they might be sent slowly over great distances (or even from floating weather balloons or low Earth orbit) without drawing too much suspicion. https://youtu.be/E-gbYjLd93g