The most "devastating" use of the technique is to modify a chip's random number generator, Schneier noted in a blog post. "This technique could, for example, reduce the amount of entropy in Intel's hardware random number generator from 128 bits to 32 bits," Schneier said.
"This could be done without triggering any of the built-in self-tests, without disabling any of the built-in self-tests, and without failing any randomness tests."
So while users assume that the random number generator is producing strong 128-bit encryption keys, in reality, it is generating 32-bit keys that can be easily broken, Parr noted.
There are several other scenarios where an integrated circuit can be modified to make it function in an unexpected fashion, he said. Detecting the modifications would require an additional level of testing of circuits, he added.
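The random number generator scenario above can be illustrated with an added example, which is not code from the article or from the researchers: output that is hash-expanded from a small seed passes a standard statistical randomness test, yet only a small set of 128-bit keys can ever be produced. The SHA-256 toy model, the 16-bit seed (kept small so the demo runs quickly; the article's figure is 32 bits) and all function names are assumptions made for illustration, not a model of Intel's design.

```python
import hashlib
import math

SEED_BITS = 16  # constructed value, small so the demo runs fast; the article cites 32

def rng_output(seed: int, n_bytes: int) -> bytes:
    """Toy model (assumption): a hash-expanded stream whose only unknown input is `seed`."""
    out = b""
    counter = 0
    while len(out) < n_bytes:
        block = seed.to_bytes(4, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:n_bytes]

def monobit_p_value(data: bytes) -> float:
    """Frequency (monobit) test from NIST SP 800-22; p >= 0.01 counts as a pass."""
    n = len(data) * 8
    ones = sum(bin(byte).count("1") for byte in data)
    return math.erfc(abs(2 * ones - n) / math.sqrt(n) / math.sqrt(2))

def pass_rate(num_seeds: int = 200, n_bytes: int = 4096) -> float:
    """Fraction of seeds whose output stream passes the monobit test."""
    passed = sum(monobit_p_value(rng_output(s, n_bytes)) >= 0.01
                 for s in range(num_seeds))
    return passed / num_seeds

def key_space_bits(seed_bits: int = SEED_BITS) -> float:
    """log2 of the number of distinct 128-bit keys the generator can ever emit."""
    keys = {rng_output(s, 16) for s in range(2 ** seed_bits)}
    return math.log2(len(keys))

def recover_seed(key: bytes, seed_bits: int = SEED_BITS):
    """Exhaustive search over the seed space, feasible only because it is small."""
    for s in range(2 ** seed_bits):
        if rng_output(s, len(key)) == key:
            return s
    return None

if __name__ == "__main__":
    print(f"monobit pass rate over 200 seeds: {pass_rate():.1%}")
    print(f"distinct 128-bit keys: 2^{key_space_bits():.0f}")
    print(f"seed behind sample key: {recover_seed(rng_output(0xBEEF, 16)):#x}")
```

The statistical test looks only at the distribution of output bits, so it says nothing about how many distinct outputs are reachable, which is why the article says detection needs an additional level of circuit testing.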
This article, Security researchers create undetectable hardware trojans, was originally published at Computerworld.com.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld.