Are secret government backdoors built into all chips today?

Obviously if it were so no one would be talking, so maybe the question is how plausible is this possibility? Would independent reverse engineers have found anything like that, or does the scale and sheer complexity of modern chips make them incomprehensible to anyone but the teams that develop them?

You think so? I think the reverse is true… obviously true. If it were so, everyone would be talking about it. It’s the same problem I have with most conspiracy theories: a lot of people would have to know about this, many of whom would not even be government employees, and the odds of every single one of them keeping his mouth shut are vanishingly small.

The team that develops them consists of hundreds of people, most of whom are geeky engineers who tend to mistrust the government and are terrible at keeping secrets.

Chips really just run software and their own software is a very limiting microcode. The idea that a backdoor is running on a CPU is flawed. If a government was to do this they would put the backdoor in the OS-level or in a driver or somewhere on a level much higher than the CPU.

It’s pretty implausible. Foreign intelligence agencies would have enough manpower to discover these kinds of backdoors in software, so the idea that you could produce it and walk away is silly. Once this was publicized then it would probably be market suicide for the company.

Right now law enforcement just installs a trojan or a hardware key logger. No need for conspiratorial thinking when you can just get a warrant or sniff traffic over the internet.

What do you mean “all chips”? Are you asking if some chap in a black suit and sunglasses could tap a few keys on his computer and find out if I correctly wired the 555 on my BEAM robotics project?

I can’t see much point in building a “back door” in chips considering most of the data in them’s volatile in the first place.

I’ll say, if you ask (and sometimes not even then) most of the guys I know at uni (myself included) about electronics you’ll have to ask us to shut up (which may not even work).

Ha!

Actually, a Chinese company was accused of doing this just a few weeks ago. Chinese firm hits back at cyberspy claims • The Register. Mind you, the allegations aren’t anything concrete, but the British government is expressing concerns that chips made by a firm that had its roots with the Chinese military and government might insert killswitches that could disable infrastructure when activated.

This is shit that governments take very seriously. It’s not impossible that some US-made chips carry such killswitches too. Probably not your Pentiums, but maybe some specialized chips used for telecoms and such.

Of course, most of these backdoors are actually made in software. Especially server-side software (with ISPs and others creating big logs), but also client-side. Not everyone plays ball. The intelligence community is really pissed off that Skype won’t let it into the encrypted communications of its users, although Skype may cave on that point at any moment.

Reverse-engineering a chip just by looking at its transistors (or even, a schematic that shows the logic gates but not high-level abstractions) is ridiculously hard. Harder than observing and reverse-engineering software.

There’s a backdoor of sorts embedded at a very low level in color laser printers that allows law enforcement to determine which specific printer produced a document. Tracking dots are printed on every document, and there’s no known way to disable it.

http://www.seeingyellow.com

*** Ponder

RISC-descended chips (like SPARCs) don’t use microcode. x86 chips still do. I assume AMD uses it also, but I’m not positive. In any case, I totally agree that backdoors would be put into the software. However I don’t see how someone would do it in Linux or Solaris which are open source.

I’ve been on several microprocessor development teams, in fact I have a netlist of one on my computer right now. Any such thing would need access to the I/Os of the chip, which would probably mean a lot of interface logic, which would be noticed.

Also, a lot of CPUs these days are cores which get put inside systems on a chip - for example processors from ARM. The vendor does not know how these are going to be used, so putting a backdoor in them would be pointless. Other CPUs, like from Tensilica, are customized for each application.

Of course I might be in on the conspiracy. :stuck_out_tongue: But if I were, I’d probably get paid more, and people on design teams wouldn’t get laid off.

Most microprocessors have some sort of hidden instructions and debug logic, which gets unlocked with some sort of a code. That is to both keep hackers from taking over the processor and to protect the design. Zero to do with backdoors.

Are secret government backdoors built into all chips today?

Almost certainly not, for all the reasons given above.

But that doesn’t mean it hasn’t been done in the past-- the U.S. goosed the Soviets this way.

The U.S. probably only pulled it off given the atrocious lack of Soviet tech knowledge at the time. Given that everybody knows how to build this stuff now, I think the opportunities for hardwired mischief are greatly reduced, by orders of magnitude.

That said, also as others have noted, that doesn’t stop governments from requesting/demanding access to backdoors put in place by the manufacturers/designers/operators themselves. Different beast than the OP.

I know a way to disable it. Insert enough extraneous dots into every document to be printed that the “real” dots become meaningless.

Ah, but this could still be used to eliminate printers from an enquiry :slight_smile:

And I suspect they’d be able to determine which dots you made and which the printer made seeing as you don’t know what the dispersal patterns should look like.

Remember the Clipper chip?

If you don’t, it was an encryption chip developed by the US government. The idea was that they would retain a backdoor to all encrypted communications. The idea failed when a team of hackers released the code for the chip, giving everybody who wanted it the same backdoor.

If the government had some backdoor, another group of hackers would have exposed it by now.

Or use a black and white printer.

So secret manufacturer backdoors are built into all chips these days? :wink: Clearly, you are not a co-conspirator, or a very bad one.

It’d be part of the binary NVIDIA driver. Duh.

According to wiki, that’s not what happened. Hackers figured out how the clipper chip’s phone-home function could be disabled. That made it much less effective (against sophisticated criminals–plain old criminals wouldn’t be so smart), but didn’t let anyone in on the backdoor.

I’d be interested in exploring this point. From my understanding, a netlist is an impenetrable black box. I can see what you’re saying about hanging a block of transistors immediately near the entrance to the chip (where in-out paths can still be discerned). But were it located anywhere deeper (such as in the packet analysis and routing circuitry of a network switch), it just would never be found.

And of course, even that requires having the netlist. Good luck if all you have is a knife and a microscope.

Or the tons of code that no one really looks at. A few years ago there was a scandal about some OSS software that had an old backdoor put into it. It turns out the millions of eyes that audit this code is more of a myth than we like to accept, especially for unsexy projects.

Or code you downloaded from a hacked repository.

At a certain point you need to stop worrying about all the parts of the machine that can be exploited and treating it like one big black box. Is it performing any outputs that are suspicious? Like random UDP packets to China?

I think the proof of the lack of backdoor scenarios is all the traffic analysis going on. If the Chinese were able to root our machines remotely we’d see it in the traffic. Eventually.

One of my favorite backdoors was built into the C compiler. Anyone who used Ken Thompson’s compiler to compile the login code for an operating system, the compiler would recognize it and add code in that would also make it accept Ken’s login for root access. Furthermore, the compiler was also able to recognize whenever a compiler was being compiled and put the same exploit in it, so if you wrote a completely new, completely clean compiler, and compiled it using the existing one, it’d still have the backdoor. No amount of checking source code could ever find the backdoor.

I’m assuming here the backdoor is placed by someone other than the design team. Lots of microprocessors have undocumented instructions. Motorola used to have an HACF (Halt and Catch Fire) opcode used for testing. It was undocumented, but when they changed it a bunch of people yelled.
If the design team weren’t involved (the back door got placed by changing the mask or something, or added when an ASIC vendor synthesized the design) you could find it if you generated your own test vectors. These are done based on the netlist, and any change to the netlist is going to cause them to fail - unless the backdoor was totally isolated, which isn’t possible, I think. Now, if you give a Verilog file and some functional vectors to an ASIC vendor and they do everything, you might well get something interesting back without knowing it. But any backdoor, to be useful, would have to be almost everywhere. Processors are perfect.
BTW, I’m a test person, and we may be the last people on earth who read netlists all the time. So it’s not impenetrable to me. Netlists have hierarchy also, and some odd block will stand right out. Not to mention that hacking a netlist and understanding the crud Synopsys generates while not making any mistakes is going to be real tough.

One more thing - vectors are simulated before silicon. Any change to the silicon, unless really carefully done, may change the output and make a test fail. Putting a big fat mux into your design, very likely on a critical path, is going to screw up timing, and that will be noticeable. You’d have to find someone who knew the design very well, and was really good at this stuff - and who worked fast. They are not going to have a lot of time to do this, and get it right, before the customer starts complaining.

The government could order it done - but like I said, it won’t stay secret for very long.
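
The test-vector argument from the last post, as an added example that is not part of the thread: expected responses are recorded by simulating the trusted netlist, then replayed against a netlist that has had an extra block spliced in. The two netlists, the net names and the spliced-in block are all constructed for illustration.

```python
from itertools import product

# Constructed gate-level netlists (hypothetical names): (output, gate, inputs),
# listed in topological order. GOLDEN is a one-bit full adder.
GOLDEN = [
    ("n1", "XOR", ("a", "b")),
    ("sum", "XOR", ("n1", "cin")),
    ("n2", "AND", ("a", "b")),
    ("n3", "AND", ("n1", "cin")),
    ("cout", "OR", ("n2", "n3")),
]
# Same adder with an extra block spliced into the sum path after sign-off.
MODIFIED = [
    ("n1", "XOR", ("a", "b")),
    ("sum_raw", "XOR", ("n1", "cin")),
    ("t1", "NOR", ("a", "b")),
    ("trig", "AND", ("t1", "cin")),
    ("sum", "XOR", ("sum_raw", "trig")),
    ("n2", "AND", ("a", "b")),
    ("n3", "AND", ("n1", "cin")),
    ("cout", "OR", ("n2", "n3")),
]
GATES = {
    "AND": lambda v: int(all(v)),
    "OR": lambda v: int(any(v)),
    "XOR": lambda v: sum(v) % 2,
    "NOR": lambda v: int(not any(v)),
}
ALL_STIMULI = [dict(zip(("a", "b", "cin"), bits)) for bits in product((0, 1), repeat=3)]

def simulate(netlist, stimulus, outputs=("sum", "cout")):
    """Evaluate every gate in order and return the primary output values."""
    nets = dict(stimulus)
    for out, gate, ins in netlist:
        nets[out] = GATES[gate]([nets[i] for i in ins])
    return tuple(nets[o] for o in outputs)

def make_vectors(netlist, stimuli):
    """Pair each stimulus with the response simulated on the trusted netlist."""
    return [(s, simulate(netlist, s)) for s in stimuli]

def failing_vectors(netlist, vectors):
    """Return the stimuli whose response differs from the recorded one."""
    return [s for s, expected in vectors if simulate(netlist, s) != expected]

if __name__ == "__main__":
    full = make_vectors(GOLDEN, ALL_STIMULI)
    partial = make_vectors(GOLDEN, [s for s in ALL_STIMULI if s["a"] == 1])
    print("full set, modified netlist fails on:", failing_vectors(MODIFIED, full))
    print("partial set, modified netlist fails on:", failing_vectors(MODIFIED, partial))
```

With all eight stimuli the modified netlist fails on exactly one vector; with only the four stimuli where `a` is 1 it passes, so the check is only as strong as the coverage of the vector set.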