Ok. I read it. Would someone be so kind as to explain what it means for the average person? Should I be afraid?
A bad guy modifies the chip very late in production. The modification is essentially a FET that has a sluggish leaky gate. Under normal operation the gate will never develop enough charge for the FET to conduct making it indetectable by testing. The FET is physically extremely small making it almost indetectable by eyeball (scanning electron microscope).
You install an application on your phone. The application works well. You are pleased.
Unbeknownst to you, the application is actually a Trojan Horse. It strokes the hardware in just the right way that the FET's gate charges to the necessary threshold then conducts. The FET essentially short-circuits the processor's hardware protection allowing the Trojan Horse unfettered access. The Trojan Horse then does its nastiness.
Not even a highly secure operating system can protect against this kind of attack.
Obviously, the bad guy would have to be a team of people (programmer, chip designer, someone working at a fabrication facility). But, bad guys have been known to occasionally band together. (The NSA comes to mind.)
ok. So it doesn't do anything bad on its own, it just leaves a back door open for them at a later time. A back door that can't be locked that I can't even see.
I think Samaritan will take over and rule the world.
Maybe the threat of buggy hardware will put a premium on the price of the few old laptops that I have and which were made before this new threat was invented. :
It continues to amaze me that computer folks routinely use the phrase "computer virus" yet they never take the trouble to build defenses against those threats in the way that nature does.
Nature deals with threats by taking care to ensure that individual plants or animals are not all clones of each other. That way a virus cannot normally wipe out the entire stock.
Yet our computer world first started by creating all those Microsoft OS clones and is now doing much the same with phones with Android.
IMHO it would make sense to deliberately create different low-level OS versions with a higher-level compatibility layer (something like the JVM). That way it would be hard for malware to spread between PCs and a malware developer could not rely on a critical mass of targets.