The fairly obvious solution here is to stop integration at the point where a truth table can be made of a single chip. That would allow you to exhaustively verify your design. It would run slower, but there is no way that I can imagine that would allow a lowly logic circuit to suddenly become something else and both know its place in the whole circuit, have access to an interesting datastream and be able to exfiltrate all at the same time.

But once circuitry gets more complicated and chips become more integrated you can do just that because the only thing that would need to change is the contents of one single chip.

There was a big scare around small components used to insert new code into target machinery:

https://www.bloomberg.com/news/features/2018-10-04/the-big-h...

But that - if true - mostly hinged on being able to dynamically alter the software loaded into a high-level design where the purpose, wiring diagram and target were intimately known to the attackers; all they had to do was camouflage their part as something innocent. Any kind of component-level audit would show that this part - which apparently wasn't on the circuit diagram in the first place - performed to its normal specifications.

Initially I was quite skeptical but then a while later this appeared:

https://www.schneier.com/blog/archives/2021/02/chinese-suppl...

And with this file as background:

https://www.eff.org/files/2014/01/06/20131230-appelbaum-nsa_...

That makes the attack sound more plausible. The practical upshot is that if you outsource your fabrication to an unknown third party, you can never be sure what you get unless your skills are orders of magnitude better than theirs. This goes for normal hardware, and for high-value targets and networking components you will probably have to be extra careful. But I'd be just as careful with, for instance, large battery packs or things that can be turned on or off remotely. (But that's getting away from component-level bad stuff and into the realm of 'normal' attack vectors into embedded hardware.)




Terrifying on the same level as Ken Thompson's "On trusting trust". In theory even a capacitor could be listening for a serial activation code and then go short or open circuit to modulate a new signal onto a wire.

Where the hell does that leave us?


It's a real problem, to put it mildly. I've done enough work with electronics that I know I'd have a hard time identifying such a device or something more up to date and I have at least a basic understanding of what it would take to do this. Someone that is unwary doesn't stand a chance.
