The Konami Code and the rationality of national fears about foreign supply-chains.
One of the best-known cheat codes in video game history is the Konami Code (コナミコマンド). In a surprisingly large number of games, pressing the sequence ↑ ↑ ↓ ↓ ← → ← → B A will change the rules of the game in one way or another: giving extra lives, granting powerups, revealing hidden content, and so on.
Implementing this in a game is straightforward, requiring only three components.
Add a simple counter variable to the global program state to count how far along this sequence the player is.
Add a bit of conditional logic in the input processing code; something like
if counter is 0 and button is ↑ or counter is 1 and button is ↑ or counter is 2 and button is ↓ or counter is 3 and button is ↓ or counter is 4 and button is ← or counter is 5 and button is → or counter is 6 and button is ← or counter is 7 and button is → or counter is 8 and button is B or counter is 9 and button is A then increase counter by 1 otherwise set counter to 0
Either add “or counter is 10” to the existing conditions for the granted options or add a new “if counter is 10, grant feature” to the then-case of the above conditional logic.
The simplicity of this programming means it can easily be replicated in hardware. Even small computer chips such as might be found in a tire pressure sensor or microwave control panel have many counters and conditionals; adding in one more counter and a few more conditionals would be trivial to do and barely noticeable to those inspecting the chip. Anyone building such a chip, or the software that runs on it, would be able to add such a cheat code with ease if they wished.
Does this mean your microwave has a cheat code, some magical sequence of buttons you can press that will make it play Greensleeves on its beeper or turn on full-power with no timer? I have no idea. There’s no obvious reason why someone would have added that, but also no obvious reason why they couldn’t have done so. As Ken Thompson famously observedDOI 10.1145/358198.358210, the real question is if you trust the people who created it.
Now let’s consider a complete computer, like the one you are reading this post on right nowI assume you are reading this on a screen, not a printout, but if I’m wrong then consider the computer that was used to print it.. It got the post from the Internet, meaning it has some means of letting other computers send it messages. If I sent it a message that said, for example, “encrypt your entire hard drive, then demand a ransom before unencrypting it”, your computer would not do that. Inside the computer is some logic for how to handle messages it receives, and most requests I could send it will not be honored.
But now suppose the chip had some cheat code. As complicated as a computer system is, there are dozens of places it could be added in hardware or software. Let’s suppose that cheat code worked as follows: after receiving the network-equivalent of the Konami Code it treats whatever comes over the network next as commands and obeys them. If I knew that code existed, all I would have to do to take control of your computer is put somewhere in this post content that will be converted into the cheat code network message when the page is sent to your computer by my web server, followed by encoded instructions to tell your computer what I want it to do.
But surely this is hypothetical, right? No business would risk the outcry that would follow the discovery that they had shipped such a cheat code!
I mean, they wouldn’t, right? Right?
Or would they?
The question is not one of ability, it’s one of trust. Who built the chips and code in your computer? Who might have had influence over them? How would they weigh the risk of discovery, the benefit of control, the moral obligation to do no harm, the fiscal obligation to enrich their shareholders, the patriotic obligation to preserve their national interests, the urge to show off their ability, the desire to have a magic key to use to fix a problem if you call them with a strange bug, and so on?
That your computer has cheat-codes is a known fact: many benign cheat codes like the Konami Code are well-documented. That your computer has cheat-codes that are not publicly known is a near-certainty: new codes are discovered or revealed with some regularity. That a cheat code could be very hard to detect and could grant very extensive influence is a well-documented fact. Whether those skeleton-key cheat codes are actually present is anybody’s guess.
In making that guess, the first question to ask is “who made this device and why should I trust them?” If the answer is “someone who might be considered my enemy, and I don’t trust them” then perhaps you should rethink what you use that device for.
Fortunately, I don’t have many enemies personally. But I live in a nation that is considered an enemy by several other nations, and some of the components in the computer I am using to write this post were manufactured in those nations. I don’t know if the patriots in those nations influenced the manufacture, nor if they weaponized my computer with a cheat code; and even if they did, I don’t know if they’ll choose to use it. But if my computer has no such cheat code, that absence is because of manufacturer choice, not technical limitation.
I like my computer. I like that it was inexpensive due to the efficiencies of a global supply chain. I very much hope that no one decided to weaponize it, or, if they did, that diplomacy succeeds and secrets stay secret and no one, neither the cheat-code designers nor some criminal or vandal who happened to discover it, pulls the trigger.