Comment by vaxman

1 month ago

@iracigt: There were many thousands of people who were unsurprised (but irritated and then outraged) when Mr. Snowden revealed such disturbing confidential information that they already knew or expected, but who also had known to keep secret and only speak about in general terms among those with whom they had already established credibility to know or understand such difficult to conceive matters.

The proof that you clearly seek of the "backdoor" can come one of three ways, another Snowden-like leak from inside the CCP-controlled Chinese chip fabricators, or more of this inexpensive novice-level probing/jailbreaking of such devices through their digital interfaces and protocol implementations, or via expensive and time consuming analog analysis (eg, TEMPEST, etc.) that study the device's radiology across the whole spectrum. (But even with imaging of the die, there is now a published technique that allows for the FAB to hide new or altered functionality until a sequence of opcodes are executed --in the field!) Nobody outside of government is going to spend much on trying to "(de)certify the integrity" of incredibly cheap ($7!) Chinese SoCs that suspiciously began "flooding the market" during the Pandemic-induced chip "shortage" simply because the circumstantial evidence and technical feasibility of their threat is so overwhelming. Just ask the manufacturer if they included a backdoor: If they know you are a credible questioner and/or may already have the answer, they will typically respond with something like "the other party does the same thing" or "its for debug purposes and will be removed." If they don't believe you to be credible, they will simply not answer you or may, as required by their law, lie. So, until there is another Snowden-like data dump involving CCP-controlled Chinese chip fabrication, you probably won't have access to any proof.

Bottom line: Master computer scientists warn that it is likely modern CCP-controlled Chinese SoC manufacturers are producing products that are vulnerable to RF-side exploitation (think of the signal that the Greeks used to know when to jump out of the Trojan Horse and start killing Romans). I would not ever trust these devices to critical infrastructure or even in many in-home scenarios, like boiler/water/gas operations, cameras/telemetry or automotive. A recommended Western alternative is the Raspberry Pi PICO 2 W. Perhaps one day Apple will be run by a new generation of executives that see another way to Change The World by entering this market.