This could be exploited by anyone at Intel, from corporate management, to design, to the people actually making the litho masks. Or someone hacking into Intel, which is not as unfeasible as it sounds, given the potential advantage this kind of exploit would give to any espionage agency.
CPU-level cryptography attacks are currently probably the scariest ones: as motherboards no longer provide memory controllers, extracting a key is no longer feasible in a way that is difficult to detect.
I've worked for Intel for 18 years, I've worked on chips with these random number generator units on them, I've worked on mask design (a long time ago) and I've been involved in taping-in chips, and with all that experience I still would have absolutely no idea how to do this sort of hack.

The database is shipped to the mask shop - a totally different team from the design team - in a process called "taping-out", a historical term referring to the process of saving the data to large magnetic tapes and then taking them out of the building and moving them to the mask shop. The mask guys, in turn, would then need to know exactly what to change on the masks, but they have no real visibility into what the schematics look like or what they would need to change - it's a sea of data. Then you would need to modify the masks themselves - somehow.

Or someone could guess that some fab worker could do this, but the fab workers just get the masks and program the machines according to the recipe, and there's no ability to dial in the tools to focus on particular transistors.

Then there's the idea that someone could hack into Intel to change it - you'd need to know so much inside info to do that... I work on these projects and I frequently have to ask my co-workers for basic information like "hey, what's the path to the main RTL repository?". I can't even imagine trying to reverse-engineer something like mask data externally - it's confusing for the people who work here.
I find the whole premise of this "hack" to be remotely possible - you could do it - but pretty impractical... and then on top of that, say that you do change the randomness of the random number generator: to the best of my knowledge (and my knowledge is pretty good in this space) no one is relying solely on the random number - without any perturbations at all - as one source of "randomness". As Linus Torvalds wrote in this petition, "Long answer: we use rdrand as _one_ of many inputs into the random pool, and we use it as a way to _improve_ that random pool.", meaning that you've reduced the randomness of one small portion of a chain, which is of limited value in the larger picture.
For the curious, this is the paper in PDF form:
http://people.umass.edu/gbecker/BeckerChes13.pdf
Read it yourself and see what you think. If nothing else it's interesting from a thought experiment point of view.
* As always, I'm not a company spokesperson for Intel and my comments are my own. *
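A toy model of the mixing argument from the post above, as an added example that is not code from the thread, from Intel, or from the paper: a backdoored hardware RNG is fatal to a consumer that trusts it alone, while a pool that also hashes in a second source forces the attacker to brute-force that source as well. The "trojaned rdrand" (a keyed PRF whose hidden key has been shrunk to 16 bits), the SHA-256 chaining used as the pool, the counter starting at 0, and the attacker seeing one pool-derived value are all assumptions of the model, not a description of the real DRNG or of how the Linux kernel actually mixes.

```python
"""Toy model: a backdoored RNG versus a pool that mixes several sources.
Added example; not code from the thread, from Intel, or from the paper.
Everything about the 'trojan' and the pool below is an assumed model."""
import hashlib
import hmac
from typing import List, Optional

KEY_BITS = 16      # assumption: the trojan shrinks the RNG's secret state to 16 bits
RDRAND_WIDTH = 8   # bytes per modelled rdrand call


def trojaned_rdrand(hidden_key: int, counter: int) -> bytes:
    """Hypothetical backdoored rdrand: a keyed PRF of a call counter, where the
    key is only KEY_BITS wide.  Output still looks random to statistical tests,
    but anyone who knows the trojan can brute-force the key and predict every
    future value."""
    key = hidden_key.to_bytes(4, "big")
    return hmac.new(key, counter.to_bytes(8, "big"), "sha256").digest()[:RDRAND_WIDTH]


def recover_hidden_key(observed: List[bytes]) -> Optional[int]:
    """Attacker recovers the hidden key from a few observed outputs
    (assumption: the call counter started at 0)."""
    for cand in range(1 << KEY_BITS):
        if all(trojaned_rdrand(cand, i) == out for i, out in enumerate(observed)):
            return cand
    return None


def mix_pool(inputs: List[bytes]) -> bytes:
    """Pool mixing in the spirit of 'rdrand is one of many inputs': each input
    is hashed into the running state, so the result depends on all of them.
    (Simplified stand-in, not the kernel's actual construction.)"""
    pool = b"\x00" * 32
    for data in inputs:
        pool = hashlib.sha256(pool + data).digest()
    return pool


def attack_rdrand_only(hidden_key: int, n_observed: int = 3) -> bool:
    """Consumer uses rdrand output directly.  True if the attacker, after
    seeing n_observed values, predicts the next one."""
    observed = [trojaned_rdrand(hidden_key, i) for i in range(n_observed)]
    key = recover_hidden_key(observed)
    if key is None:
        return False
    return trojaned_rdrand(key, n_observed) == trojaned_rdrand(hidden_key, n_observed)


def attack_mixed_pool(hidden_key: int, other_entropy: bytes,
                      other_bits: int, max_guesses: int) -> Optional[int]:
    """Consumer mixes rdrand with a second source the attacker cannot observe.
    The attacker already holds hidden_key and sees one pool-derived value
    (assumption: e.g. a leaked nonce), so must brute-force the other source,
    modelled as an other_bits-bit value.  Returns the number of guesses
    needed, or None if max_guesses runs out first."""
    rd = trojaned_rdrand(hidden_key, 3)
    target = mix_pool([rd, other_entropy])
    for guess in range(min(1 << other_bits, max_guesses)):
        if mix_pool([rd, guess.to_bytes(4, "big")]) == target:
            return guess + 1
    return None


if __name__ == "__main__":
    HIDDEN = 0x1A2B                        # constructed: the trojan's secret
    OTHER = (40000).to_bytes(4, "big")     # constructed: 16 bits from a second source
    print("rdrand-only consumer predicted:", attack_rdrand_only(HIDDEN))
    print("mixed pool, 2k guesses:", attack_mixed_pool(HIDDEN, OTHER, 16, 2_000))
    print("mixed pool, 64k guesses:", attack_mixed_pool(HIDDEN, OTHER, 16, 1 << 16))
```

The model only makes the combinatorial point: once the attacker has broken the weakened source, the work left is the entropy of the other inputs, so the damage is confined to code paths that consume the hardware RNG on its own. It says nothing about how much entropy those other sources really carry on a given machine, which is the separate question a practitioner would still have to answer.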