No backdoors, no kill switches, no spyware. That's Nvidia's pledge after an accusation from the Cyberspace Administration of China, which asked Nvidia last week to provide documents about security vulnerabilities in Nvidia's H20 data center GPUs, specifically citing "backdoor" security risks. Nvidia responded officially with a blog post the company's chief security officer, David Reber Jr.
"Embedding backdoors and kill switches into chips would be a gift to hackers and hostile actors," Reber wrote. "It would undermine global data infrastructure and fracture trust in U.S. technology. Established law wisely requires companies to fix vulnerabilities--not create them."
The Cyberspace Administration of China's concerns stem specifically from the Nvidia's H20 GPU, which is made for the Chinese market and designed to comply with US export guidelines. Ars Technica notes that U.S. lawmakers are considering a Chip Security Act that would "require exported chips to be built with 'location verification,'" and "calls for an assessment of mechanisms to stop unauthorized use." In other words, a kill switch.
If you've watched the Lockpicking Lawyer on YouTube for even a couple of minutes, you know there's no such thing as a lock that can't be picked--just ones that require more specialized tools. The same goes for hardware backdoors. Once there's a door there, someone will find a way to walk through it. Something as ubiquitous as Nvidia GPUs, which populate data centers and consumer PCs all over the world, makes for an especially appealing target.
Reber cites the "Clipper Chip Debacle," in which the NSA and U.S. government pushed for a chip to be installed in telecommunications devices that would allow backdoor access through an encrypted key. Launched in 1993, security experts found multiple vulnerabilities in the next couple of years, and the chip fell out of favor before it was ever adopted.
"Security researchers discovered fundamental flaws in the system that could allow malicious parties to tamper with the software," and "that created central vulnerabilities that could be exploited by adversaries." In other words, this kind of backdoor access might give the U.S. government access to GPUs, but it would also give other governments and other malicious actors access as well, with some effort.
"Some point to smartphone features like 'find my phone'... as models for a GPU kill switch," Reber continued, explaining that those are user-controlled software options. "Hardwiring a kill switch is something entirely different: a permanent flaw beyond user control, and an open invitation to disaster... That's not sound policy. It's an overreaction that would irreparably harm America's economic and national security interests."
"For decades, policymakers have championed industry’s efforts to create secure, trustworthy hardware," Reber wrote. "Governments have many tools to protect nations, consumers and the economy. Deliberately weakening critical infrastructure should never be one of them."
Source
"Embedding backdoors and kill switches into chips would be a gift to hackers and hostile actors," Reber wrote. "It would undermine global data infrastructure and fracture trust in U.S. technology. Established law wisely requires companies to fix vulnerabilities--not create them."
The Cyberspace Administration of China's concerns stem specifically from the Nvidia's H20 GPU, which is made for the Chinese market and designed to comply with US export guidelines. Ars Technica notes that U.S. lawmakers are considering a Chip Security Act that would "require exported chips to be built with 'location verification,'" and "calls for an assessment of mechanisms to stop unauthorized use." In other words, a kill switch.
If you've watched the Lockpicking Lawyer on YouTube for even a couple of minutes, you know there's no such thing as a lock that can't be picked--just ones that require more specialized tools. The same goes for hardware backdoors. Once there's a door there, someone will find a way to walk through it. Something as ubiquitous as Nvidia GPUs, which populate data centers and consumer PCs all over the world, makes for an especially appealing target.
Reber cites the "Clipper Chip Debacle," in which the NSA and U.S. government pushed for a chip to be installed in telecommunications devices that would allow backdoor access through an encrypted key. Launched in 1993, security experts found multiple vulnerabilities in the next couple of years, and the chip fell out of favor before it was ever adopted.
"Security researchers discovered fundamental flaws in the system that could allow malicious parties to tamper with the software," and "that created central vulnerabilities that could be exploited by adversaries." In other words, this kind of backdoor access might give the U.S. government access to GPUs, but it would also give other governments and other malicious actors access as well, with some effort.
"Some point to smartphone features like 'find my phone'... as models for a GPU kill switch," Reber continued, explaining that those are user-controlled software options. "Hardwiring a kill switch is something entirely different: a permanent flaw beyond user control, and an open invitation to disaster... That's not sound policy. It's an overreaction that would irreparably harm America's economic and national security interests."
"For decades, policymakers have championed industry’s efforts to create secure, trustworthy hardware," Reber wrote. "Governments have many tools to protect nations, consumers and the economy. Deliberately weakening critical infrastructure should never be one of them."
Source