Search Tools Links Login

Marvell & Cavium's Alleged Backdoor Controversy


In 2013, documents leaked by Edward Snowden hinted at semiconductor producer Cavium, later acquired by Marvell in 2018, being a provider of semiconductors secretly manipulated for US intelligence purposes. Marvell has since refuted allegations that they or Cavium installed backdoors upon US government request.

This controversy was brought to light in Dr. Jacob Appelbaum's 2022 PhD thesis, titled "Counter-strategies against pervasive surveillance architecture." Although initially overlooked, a security blog, Electrospaces.net, recently highlighted these claims.

Dr. Appelbaum, involved with Laura Poitras in the 2012 Snowden leak and previously affiliated with the Tor Project, is now associated with Eindhoven University in the Netherlands, specializing in computer science and cryptography.

Appelbaum's thesis implies, especially through references like "Cavium CPU backdoor," that Cavium devices may have had a backdoor tailored for US intelligence. Marvell fervently denies this. A Marvell representative stated, "Marvell does not, and Cavium did not, implement 'backdoors' for any government," further emphasizing Marvell's stringent security measures and adherence to recognized security algorithm standards.

Dr. Appelbaum, however, responded by suggesting that Marvell might unintentionally have allowed vulnerabilities by employing weak cryptographic algorithms, possibly influenced by the US government.

Recounting an interaction with Michael Kanellos from Marvell, Appelbaum expressed his unanswered queries regarding Marvell's knowledge and internal reviews concerning potential NSA interference.

Reminiscent of the 2018 Supermicro controversy and Juniper's questionable algorithm use, Appelbaum’s claims add to growing concerns about technology and security.

Such challenges have provoked dialogues between corporate executives and government officials, often leading to confrontations, especially for companies with significant stakes in foreign markets like China.

Industry insiders suggest that manipulating hardware is complex, hinting that it's simpler to exploit existing vulnerabilities. This topic continues to stoke debates regarding the balance between national security and corporate ethics.

About this post

Posted: 2023-09-22
By: dwirch
Viewed: 355 times

Categories

Security

News

Privacy

Attachments

No attachments for this post


Loading Comments ...

Comments

No comments have been added for this post.

You must be logged in to make a comment.