The Tech Report writes that a team of US and European security researchers has presented a concept for a hardware-based Trojan attack on Intel's Ivy Bridge processor. The research paper (PDF) shows that by changing the dopant polarity of just a few of Ivy Bridge's 1.4 billion transistors, it's possible to reduce the entropy of the chip's random number generator from 128 bits to 32 bits, making the cracking of cryptographic keys much easier.
There's no evidence of hardware trojans in the wild, but the researchers say such an attack would be really hard to detect.
They claim the exploit is stealthy enough to pass not only the CPU's built-in self-test, but also the National Institute of Standards and Technology's tests for random number generators.
Inserting the trojan involved altering the dopant masks of "only a few" transistors. Ivy Bridge has about 1.4 billion transistors, making the small change difficult to detect. According to the researchers, the "sub-transistor" trojan can't be exposed by optical reverse engineering because the chip's circuitry remains the same.
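Why a weakened generator can still pass statistical tests, shown as an added Python model that is not taken from the paper or the article: a 128-bit output is made to depend on only a few bits of internal state while the rest is pinned to a constant. SHA-256 standing in for the generator's conditioning logic, the `FIXED` constant, the counter used as the internal value, and all function names are assumptions of this sketch.

```python
import hashlib
import math

# Constructed constant: stands in for the internal bits a Trojan pins to fixed values.
FIXED = b"constructed-fixed-state"


def weakened_output(internal: int, entropy_bits: int = 32) -> bytes:
    """128-bit output that depends on only `entropy_bits` bits of `internal`."""
    masked = internal & ((1 << entropy_bits) - 1)  # every other bit is discarded
    return hashlib.sha256(FIXED + masked.to_bytes(16, "big")).digest()[:16]


def monobit_p_value(data: bytes) -> float:
    """Frequency (monobit) test from NIST SP 800-22; p >= 0.01 counts as a pass."""
    n = len(data) * 8
    ones = sum(bin(byte).count("1") for byte in data)
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def survey(entropy_bits: int, n_samples: int) -> dict:
    """Draw n_samples outputs; report bit balance and how many are distinct.

    A counter replaces the physical entropy source so that runs are repeatable.
    """
    outputs = [weakened_output(i, entropy_bits) for i in range(n_samples)]
    return {
        "p_value": monobit_p_value(b"".join(outputs)),
        "distinct": len(set(outputs)),
        "samples": n_samples,
    }


if __name__ == "__main__":
    # 32 effective bits: the bit stream looks balanced, nothing repeats yet.
    print(survey(32, 4096))
    # 12 effective bits: only 2**12 different 128-bit values can ever appear.
    print(survey(12, 20000))
```

The monobit result says nothing about how many different outputs are possible; in this model only the count of distinct values exposes the reduced state, and at 32 effective bits that takes far more samples than a routine health test draws.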