Beijing summons Nvidia over alleged backdoors in China-bound AI chips
(2025/07/31)
- Reference: 1753982172
- News link: https://www.theregister.co.uk/2025/07/31/beijing_nvidia_backdoors/
- Source link:
China's internet watchdog has hauled Nvidia in for a grilling over alleged backdoors in its H20 chips, the latest twist in the increasingly paranoid semiconductor spat between Washington and Beijing.
Nvidia was recently given the thumbs-up to resume sales of its made-for-China H20 AI chips after [1]Washington quietly reversed an earlier export ban on the silicon. The Trump administration originally [2]imposed the ban in April over fears the kit could wind up powering Chinese military systems.
However, Nvidia's return to the Chinese market looks set to come with strings attached, as Beijing has once again sharpened its scrutiny of foreign silicon slipping past the firewall.
[3]
In a statement [4]issued Thursday , the Cyberspace Administration of China (CAC) claimed there were "serious security vulnerabilities" in Nvidia's high-performance computing chips, which are widely used for AI workloads.
[5]
[6]
The warning presumably comes in response to the introduction of the [7]Chip Security Act , which calls for mandatory GPS-style tracking to be embedded in every AI chip exported from the United States. According to the CAC's statement, American AI experts had already revealed that Nvidia's chips contain mature "tracking and positioning" and "remote shutdown" technologies, fueling fears in Beijing that such features could be exploited to monitor or disable Chinese systems.
The CAC said it had interviewed Nvidia to discuss suspected backdoor vulnerabilities and demanded that the US chip giant "explain the security risks" and provide "relevant supporting materials." The agency cited provisions in the country's Cybersecurity Law, Data Security Law, and Personal Information Protection Law as the legal basis for the intervention.
[8]Nvidia CEO says China wouldn't risk building military supers with American AI chips
[9]Gone in 40 days: US drops ban on export of chip design tools to China
[10]Huawei's latest notebook shows China is still generations behind in chipmaking
[11]China spawns an x86 supercomputing monster, with an AMD connection
"In order to maintain the network security and data security of Chinese users, the State Internet Information Office interviewed Nvidia on July 31, 2025, and asked Nvidia to explain the security risks of the backdoor vulnerabilities in the H20 chips sold to China and submit relevant supporting materials," reads a version of the CAC's statement translated by The Register .
The H20 chip is part of Nvidia's China-specific product line, cobbled together after Washington tightened the screws on semiconductor exports in 2023 to limit China's access to high-end AI chips that could be used in military or surveillance applications.
[12]
Nvidia designed the H20 chip to sidestep US trade restrictions by dialing down performance just enough to dodge the Commerce Department's red lines, while still offering enough grunt to keep Chinese firms interested. It's based on Nvidia's Hopper architecture, the same tech underpinning its high-end H100 chips, but with trimmed-down specs to keep Uncle Sam happy.
Despite the restrictions, an estimated $1 billion worth of Nvidia AI chips, including banned models like the B200, H10, and H200, [13]wound up in China's black market last week, with vendors hawking ready-to-rack kits straight out of a "fell off a truck" story.
A spokesperson ar Nvidia told The Register : "Cybersecurity is critically important to us. Nvidia does not have 'backdoors' in our chips that would give anyone a remote way to access or control them." ®
Get our [14]Tech Resources
[1] https://www.theregister.com/2025/07/18/trump_gpu_china/
[2] https://www.theregister.com/2025/04/16/trump_responds_to_nvidias_us/
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/systems&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aIvneRQsUo37S8glt1vHqwAAAMs&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[4] https://www.cac.gov.cn/2025-07/31/c_1755675743897163.htm
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/systems&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aIvneRQsUo37S8glt1vHqwAAAMs&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/systems&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aIvneRQsUo37S8glt1vHqwAAAMs&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[7] https://www.theregister.com/2025/05/09/senator_fights_chip_smuggling/
[8] https://www.theregister.com/2025/07/14/nvidia_ceo_china/
[9] https://www.theregister.com/2025/07/03/us_eda_export_ban_lifted/
[10] https://www.theregister.com/2025/06/23/huaweis_foldable_shows_china_years_behind_tsmc/
[11] https://www.theregister.com/2025/05/27/hygon_sugon_china_x86_supercomputing/
[12] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/systems&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aIvneRQsUo37S8glt1vHqwAAAMs&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[13] https://www.theregister.com/2025/07/24/nvidia_chips_china_whoops/
[14] https://whitepapers.theregister.com/
Nvidia was recently given the thumbs-up to resume sales of its made-for-China H20 AI chips after [1]Washington quietly reversed an earlier export ban on the silicon. The Trump administration originally [2]imposed the ban in April over fears the kit could wind up powering Chinese military systems.
However, Nvidia's return to the Chinese market looks set to come with strings attached, as Beijing has once again sharpened its scrutiny of foreign silicon slipping past the firewall.
[3]
In a statement [4]issued Thursday , the Cyberspace Administration of China (CAC) claimed there were "serious security vulnerabilities" in Nvidia's high-performance computing chips, which are widely used for AI workloads.
[5]
[6]
The warning presumably comes in response to the introduction of the [7]Chip Security Act , which calls for mandatory GPS-style tracking to be embedded in every AI chip exported from the United States. According to the CAC's statement, American AI experts had already revealed that Nvidia's chips contain mature "tracking and positioning" and "remote shutdown" technologies, fueling fears in Beijing that such features could be exploited to monitor or disable Chinese systems.
The CAC said it had interviewed Nvidia to discuss suspected backdoor vulnerabilities and demanded that the US chip giant "explain the security risks" and provide "relevant supporting materials." The agency cited provisions in the country's Cybersecurity Law, Data Security Law, and Personal Information Protection Law as the legal basis for the intervention.
[8]Nvidia CEO says China wouldn't risk building military supers with American AI chips
[9]Gone in 40 days: US drops ban on export of chip design tools to China
[10]Huawei's latest notebook shows China is still generations behind in chipmaking
[11]China spawns an x86 supercomputing monster, with an AMD connection
"In order to maintain the network security and data security of Chinese users, the State Internet Information Office interviewed Nvidia on July 31, 2025, and asked Nvidia to explain the security risks of the backdoor vulnerabilities in the H20 chips sold to China and submit relevant supporting materials," reads a version of the CAC's statement translated by The Register .
The H20 chip is part of Nvidia's China-specific product line, cobbled together after Washington tightened the screws on semiconductor exports in 2023 to limit China's access to high-end AI chips that could be used in military or surveillance applications.
[12]
Nvidia designed the H20 chip to sidestep US trade restrictions by dialing down performance just enough to dodge the Commerce Department's red lines, while still offering enough grunt to keep Chinese firms interested. It's based on Nvidia's Hopper architecture, the same tech underpinning its high-end H100 chips, but with trimmed-down specs to keep Uncle Sam happy.
Despite the restrictions, an estimated $1 billion worth of Nvidia AI chips, including banned models like the B200, H10, and H200, [13]wound up in China's black market last week, with vendors hawking ready-to-rack kits straight out of a "fell off a truck" story.
A spokesperson ar Nvidia told The Register : "Cybersecurity is critically important to us. Nvidia does not have 'backdoors' in our chips that would give anyone a remote way to access or control them." ®
Get our [14]Tech Resources
[1] https://www.theregister.com/2025/07/18/trump_gpu_china/
[2] https://www.theregister.com/2025/04/16/trump_responds_to_nvidias_us/
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/systems&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aIvneRQsUo37S8glt1vHqwAAAMs&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[4] https://www.cac.gov.cn/2025-07/31/c_1755675743897163.htm
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/systems&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aIvneRQsUo37S8glt1vHqwAAAMs&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/systems&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aIvneRQsUo37S8glt1vHqwAAAMs&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[7] https://www.theregister.com/2025/05/09/senator_fights_chip_smuggling/
[8] https://www.theregister.com/2025/07/14/nvidia_ceo_china/
[9] https://www.theregister.com/2025/07/03/us_eda_export_ban_lifted/
[10] https://www.theregister.com/2025/06/23/huaweis_foldable_shows_china_years_behind_tsmc/
[11] https://www.theregister.com/2025/05/27/hygon_sugon_china_x86_supercomputing/
[12] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/systems&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aIvneRQsUo37S8glt1vHqwAAAMs&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[13] https://www.theregister.com/2025/07/24/nvidia_chips_china_whoops/
[14] https://whitepapers.theregister.com/
Re: Correct me if I'm wrong
Mentat74
I'd be more worried about that big honking chunk of metal we call a heatsink blocking all signals...
Re: Correct me if I'm wrong
DS999
Or the concrete reinforced roof of the datacenter.
There's zero chance that GPS integrated onto an AI chip/board would be operable in any AI datacenter. I suspect the whole thing is disinformation to get China chasing their tails and being afraid to buy US made AI chips.
It could maybe work if it is bluetooth based though as mentioned below, though that would be fairly easy to detect.
Re: Correct me if I'm wrong
Anonymous Coward
Plus, China's been doing it to us [1]since 2018 (at least), so ... (or vice versa!)
[1] https://www.theregister.com/2018/10/04/supermicro_bloomberg/
In fact
Richard Tobin
It's just an AirTag in the packaging.
Re: In fact
DS999
Having an Airtag compatible bluetooth transmitter on the AI boards is actually the only effective way I could see this working. It sure as heck can't use GPS. But an intermittent bluetooth transmitter that was pinging the iPhones and Androids of staff walking the aisles would allow that location information to get back home. The "kill switch" could be operated by treating it as putting that device in "lost mode" but instead of making a sound it blows an internal fuse in the chip to permanently disable it.
Correct me if I'm wrong
If they had "mature tracking and positioning" (i.e. GPS), wouldn't it be fairly trivial to detect the RF signals emanating from the GPU?