China claims Nvidia built backdoor into H20 chip designed for Chinese market

beheadedstraw

Ars Scholae Palatinae
660
 
Upvote
114 (133 / -19)

Ars Tribunus Militum
2,484
The CAC did not specify which experts had found a back door in Nvidia’s products or whether any tests in China had uncovered the same results
A lot of this info comes from... hidden sources, not reverse engineering. If this is the case, and if Nvidia actually built in a backdoor, China won't burn a source just to provide details. If this is indeed true, they said enough for the right ears to know the jig is up.

The story could all be BS, and just a negotiation tactic or something.
 
Upvote
137 (137 / 0)

SixDegrees

Ars Legatus Legionis
48,615
Subscriptor
How is a chip inside a metal box, inside another metal box, inside a giant building full of EMI, supposed to track its own location?

How are you supposed to remotely shut down a chip that has no direct access to any network, and is only fed data from who-knows-where preprocessed who-knows-how?

Maybe it uses "AI"! That'd explain why "AI Experts(TM)" know about it, instead of, you know, actual experts in something relevant.

Same applies to the similar stupid allegations against a lot of Chinese chips. No, a freaking flash chip embedded in a phone can't, in any practical way, be remotely signalled to do anything useful to anybody.
This belies a woeful misunderstanding of modern electronics/computing systems.
 
Upvote
30 (72 / -42)

SixDegrees

Ars Legatus Legionis
48,615
Subscriptor
A lot of this info comes from... hidden sources, not reverse engineering. If this is the case, and if Nvidia actually built in a backdoor, China won't burn a source just to provide details. If this is indeed true, they said enough for the right ears to know the jig is up.

The story could all be BS, and just a negotiation tactic or something.
I think the article is accurate in noting that there are different factions within both the US and China supportive of / opposed to trading these chips, and we're seeing one faction's latest press release.
 
Upvote
79 (79 / 0)

LordEOD

Ars Scholae Palatinae
787
I mean, it takes one to know one, I suppose - and a thief is most worried about theft and all that.

I guess they're in the same position everyone else is with concerns about Chinese hardware and have the same concerns about being dependent on a foreign, hostile nation for their equipment.

It's just how the game is played, China, but you know that, right?
 
Upvote
23 (36 / -13)

hizonner

Ars Scholae Palatinae
1,140
Subscriptor
This belies a woeful misunderstanding of modern electronics/computing systems.
Then I'm sure you'll be able to answer the questions. Give detailed, plausible ways to do those things, taking into account how those particular chips are used.

Also, "belies" doesn't mean what you seem to think it means.
 
Upvote
19 (56 / -37)

Wandering Monk

Ars Centurion
275
Subscriptor
Then I'm sure you'll be able to answer the questions. Give detailed, plausible ways to do those things, taking into account how those particular chips are used.
I’m also curious, since this was my first reaction as well (that adding “location-tracking” to an AI chip is a laughable accusation). But I’m always happy to learn something new, and I often do from the Ars comments. But just saying “you clearly don’t know anything” isn’t helping anyone.
 
Upvote
89 (91 / -2)

hizonner

Ars Scholae Palatinae
1,140
Subscriptor
Seems similar to the US freaking out about DJI's drones and preventing them from being imported and sold in the US.
The drones actually have a more or less unrestricted network communication path to DJI, and I believe they'll shut down if they lose it for long enough. They also take unreviewable OTA firmware updates as a matter of course. So there's at least some possibility of DJI shutting them down, grabbing images from them, kamikazeing them into small fluffy animals, or whatever. And a drone does know its location, as part of its function.

A chip buried in some larger system doesn't have those luxuries, other than maybe the firmware updates... which you shouldn't just be blindly taking if you're worried about that sort of thing.

Not to say that DJI has in fact done anything, other than stuff like geofencing the drones at the request of the "receiving" governments.
 
Upvote
53 (53 / 0)

feoh

Seniorius Lurkius
35
Subscriptor++
My thoughts on this:
1. Why would any overseas country even want to do business with US firms at this point? America under the current administration is basically a chaos muppet.
2. Barring some researcher finding an actual smoking gun, how does one even disprove an allegation like this given the complexity of modern silicon, especially GPUs?
3. Requiring hardware to track its own location? Why would anyone ever buy such a thing under any circumstances unless that was an advertised feature of the device and a part of its inherent design nature? (e.g. a GPS or tracking tag)
 
Upvote
103 (110 / -7)

ktmglen

Ars Tribunus Militum
1,686
The drones actually have a more or less unrestricted network communication path to DJI, and I believe they'll shut down if they lose it for long enough. They also take unreviewable OTA firmware updates as a matter of course. So there's at least some possibility of DJI shutting them down, grabbing images from them, kamikazeing them into small fluffy animals, or whatever. And a drone does know its location, as part of its function.

A chip buried in some larger system doesn't have those luxuries, other than maybe the firmware updates... which you shouldn't just be blindly taking if you're worried about that sort of thing.

Not to say that DJI has in fact done anything, other than stuff like geofencing the drones at the request of the "receiving" governments.
Oh definitely. The drone security story is at least plausible. And a lot of police departments and wildlife agencies (who aren't subject to the blue lists) use DJI drones instead of US-made drones.

But as a non-pro drone user, I'd much rather a DJI drone send pictures of my fine American ass and data to the CCP than a US drone send the same to Zuckerberg, Thiel, Musk, etc.

Sorry for the edits. I need moar caffiene.
 
Upvote
42 (45 / -3)

Steve austin

Ars Scholae Palatinae
1,788
Subscriptor
bro... my garmin watch is tiny af and can track my location? do you not understand how small gps receivers can be?

also, just off the top of my head, I can imagine using a similar receiver to receive a shutdown command

I don't think nvidia actually did this, but... it's not unrealistic
Put your garmin watch in a metal box, and it won’t track anything. It has nothing to do with size and everything to do with ability to receive signals from the satellites.
 
Upvote
87 (87 / 0)

Wandering Monk

Ars Centurion
275
Subscriptor
bro... my garmin watch is tiny af and can track my location? do you not understand how small gps receivers can be?

also, just off the top of my head, I can imagine using a similar receiver to receive a shutdown command

I don't think nvidia actually did this, but... it's not unrealistic
Umm, watches that have GPS are notoriously larger than watches without. Also, put your watch inside a server, that’s inside a server rack, that’s inside a data center, and see how well the GPS functionality works. Heck, how well does your GPS watch work indoors? Because mine can’t get a fix until I’m outside.
 
Upvote
62 (62 / 0)
bro... my garmin watch is tiny af and can track my location? do you not understand how small gps receivers can be?

also, just off the top of my head, I can imagine using a similar receiver to receive a shutdown command

I don't think nvidia actually did this, but... it's not unrealistic
Does your Garmin watch function inside a metal box inside a metal cabinet inside a metal and concrete building? In a building I worked in, they had to run cables to antennas on the roof because the GPS receivers on some test equipment couldn’t pick up a usable signal when the antennas were in the lab.
 
Upvote
40 (41 / -1)

arakon

Wise, Aged Ars Veteran
141
I think it’s possible. We already have seen stories this week about IoT devices (exercise equipment) that cease to function unless they have network access. I imagine it wouldn’t be hard for NVidia to bake in something similar that the machine needs to get a rolling key from an NVidia server to continue to function.

Once connected you can piggyback whatever you wanted if the endpoint is made to listen to instructions.
 
Upvote
25 (26 / -1)

jimmyeatapple

Ars Scholae Palatinae
690
I think it’s possible. We already have seen stories this week about IoT devices (exercise equipment) that cease to function unless they have network access. I imagine it wouldn’t be hard for NVidia to bake in something similar that the machine needs to get a rolling key from an NVidia server to continue to function.

Once connected you can piggyback whatever you wanted if the endpoint is made to listen to instructions.
Never updating mine. The current firmware works without a connection, not playing with fire.

OT: I agree with other posters here saying they were just vague enough to communicate they know something inappropriate is going on without burning their source or exposing the exact nature of the tracking/kill switch. Would be funny if it turned out to be just a bug...
 
Upvote
6 (7 / -1)

DrewW

Ars Tribunus Militum
2,043
Subscriptor++
Upvote
5 (12 / -7)

shadedmagus

Ars Praefectus
4,041
Subscriptor
I think the article is accurate in noting that there are different factions within both the US and China supportive of / opposed to trading these chips, and we're seeing one faction's latest press release.
Agreed. Lacking important details or, more importantly, evidence, this seems like propagandistic nothingburger to me.
 
Upvote
-4 (8 / -12)

McTurkey

Ars Tribunus Militum
2,267
Subscriptor
Lawmakers in Washington have expressed concern about chip smuggling and introduced a bill that would require chipmakers such as Nvidia to embed location tracking into export-controlled hardware.

This is the first I've heard about this proposed legislation. I'm going to go ahead and assume this claim from China is about getting ahead of any potential action over this, and helping bolster their domestic industry.

That said... it's entirely unnecessary to be able to track such hardware inside of a datacenter. All that is necessary is to get periodic and infrequent updates about the path a shipment is taking, and once it goes into a country it absolutely should not be going into, that's enough to trigger an investigation.
 
Upvote
10 (11 / -1)

Derecho Imminent

Ars Legatus Legionis
16,472
Subscriptor
Agreed. Lacking important details or, more importantly, evidence, this seems like propagandistic nothingburger to me.
Not seeing the purpose of this particular propaganda. They want to buy these chips, but this claim just seems to give them a reason not to.
 
Upvote
19 (20 / -1)

Xepherys

Ars Scholae Palatinae
959
Subscriptor
This belies a woeful misunderstanding of modern electronics/computing systems.

It really does not. Let's take a worst-case scenario into play. The GPU has a built-in GPS and doesn't require anything in the software layer to disable the GPU entirely when it meets some geofence requirement. It still requires power, so it has to be in a system with power applied.

GPS typically doesn't work well from within a building, and definitely not from within a metal box within a building. Since that will typically be true of any GPU usage, they can't disable chips solely because they can't access a GPS location. Plausibly the driver could check for its own public IP address, but this is easily circumvented by not having an internet connection - which doesn't preclude internal networking. Any means to absolutely ensure that the device functions in the US and never functions in China would require Draconian practices, leaning toward disabling chips when they can't verify an acceptable location. Anything less is far too easy to spoof even for the average power user, let alone a foreign government.

Also, "belies" doesn't mean what you seem to think it means.

It is a perfectly cromulent use of "belies".

Umm, watches that have GPS are notoriously larger than watches without.

This is demonstrably untrue. The MIA-M10 is a whopping 4.5mm², and if the GPS module is built into another chip, the whole size may not be much larger even with other functionality. My Apple Watch is no larger than any other watch I've ever owned, the vast majority of which weren't digital at all.
 
Upvote
21 (23 / -2)
If anyone on the planet is going to spot a backdoor installed into hardware, it's definitely going to be China. They've become experts at doing it themselves.
This is an article about the US doing it to China, not the other way around.

I don't tend to believe either government about stuff like this. If a reputable independent source wants to confirm or deny the allegations by actually finding the backdoor and detailing it, then that would be interesting. Governments with their "sources" and "experts" spouting politically convenient nonsense for press headlines isn't very interesting though.
 
Upvote
6 (12 / -6)
This is an article about the US doing it to China, not the other way around.

I don't tend to believe either government about stuff like this. If a reputable independent source wants to confirm or deny the allegations by actually finding the backdoor and detailing it, then that would be interesting. Governments with their "sources" and "experts" spouting politically convenient nonsense for press headlines isn't very interesting though.
Read my statement again, but slower.
 
Upvote
-3 (9 / -12)

XSportSeeker

Ars Scholae Palatinae
1,036
Same thing as the sanctions US imposed on companies like Huawei, ZTE, and is threatening DJI with - without proof or independent auditing, there is no way of telling whether this is about something serious, or just trade war disguised as "security threat".

Major difference here is that Chinese government isn't trying to directly ban the company or trying to impose sanctions, but rather calling the business for explanation. This gives me at least a little bit more trust in what China is saying there. It's not the same modus operandi of the US who is banning or sanctioning first, and then giving weak excuses for it later on.
 
Upvote
17 (17 / 0)

paw

Ars Tribunus Militum
2,032
Subscriptor
Did you mean reveals?
I agree, either that or "this implies a woeful misunderstanding...".

It's not a perfectly cromulent use of belies, the definitions of which are:

1 (of an appearance) fail to give a true impression of (something)

2 fail to fulfil or justify (a claim or expectation)
 
Upvote
21 (22 / -1)

idspispopd

Ars Scholae Palatinae
990
I am inclined to believe China here. The US really has a terrible track record for doing underhanded things like this. At this point it is safest to assume every US product has been compromised unless proven otherwise.

They certainly spend a lot of time accusing everyone else of doing it, but time and time again it is the US getting caught doing it (and usually bragging about it). But what can you expect from a country that does profoundly evil things in the name of "national security" like their fake vaccination scam in Pakistan.
 
Upvote
1 (15 / -14)

Atterus

Ars Tribunus Militum
2,337
I mean... if the CCP really doesn't want them...

It's pretty funny they think anyone cares whether it is true or not. It's assumed Chinese-made stuff like routers and the like are riddled with backdoors. Huawei anyone? Lol.

Pretty sure it isn't even true. Just a lie to try gaining some technical data. Nvidia ought to just pull entirely and see how well that domestic CCP sector does on its own.
 
Upvote
-9 (2 / -11)