Nvidia says its chips don’t have backdoors, wants to keep it that way
Nvidia is sitting on an absolutely mind-boggling amount of money… like, enough to make Solomon and Midas and Croesus go, “Wow, that’s a lot of money.” It’s become one of, if not the, richest companies on the planet by riding both the crypto and AI chip booms. But are all those pricey chips secure? Nvidia says they are—and should stay that way, much to the chagrin of some lawmakers.
“To mitigate the risk of misuse, some pundits and policymakers propose requiring hardware ‘kill switches’ or built-in controls that can remotely disable GPUs without user knowledge and consent,” reads a blog post from Tuesday. “Some suspect they might already exist. Nvidia GPUs do not and should not have kill switches and backdoors.”
The blog post is an obvious response to the tensions between the United States and China, which are currently in something of an arms race for “AI” technology, with Nvidia’s chips a key point of contention. Earlier this year, a US lawmaker proposed putting location trackers in Nvidia chips to keep them from being smuggled into mainland China, something that happens on a regular basis to evade export restrictions.
Chinese cybersecurity authorities summoned Nvidia employees last week to rather pointedly ask if newly available industrial H20 AI chips contained spyware or backdoors. The highly-sought-after chips were cleared for export by the Trump administration in April, immediately after an apparent bit of personal lobbying from Nvidia CEO Jensen Huang at a $1-million-a-head dinner at Trump’s personal residence in Florida.
“There is no such thing as a ‘good’ secret backdoor—only dangerous vulnerabilities that need to be eliminated,” wrote Nvidia’s chief security officer in the blog post. “Kill switches and built-in backdoors create single points of failure and violate the fundamental principles of cybersecurity.” In light of the bill proposed earlier this year, it seems possible that the US could demand exactly that as a condition of clearing hassle-free and lucrative chip exports to China. I wonder if more expensive dinners are in Jensen Huang’s future.
The blog post gives a brief history of chip-level security failures, name-dropping Spectre and Meltdown. It’s important to note that what Nvidia is denying here is deliberate, intentional means of disabling or spying upon chips—not security vulnerabilities or bugs that make them susceptible to attack, which do crop up from time to time.
