Marvell disputes claim Cavium backdoored chips for Uncle Sam
Allegations date back a decade to leaked Snowden docs
Cavium, a maker of semiconductors acquired in 2018 by Marvell, was allegedly identified in documents leaked in 2013 by Edward Snowden as a vendor of semiconductors backdoored for US intelligence. Marvell denies it or Cavium placed backdoors in products at the behest of the US government.
The allegations surfaced in the PhD thesis of Dr Jacob Appelbaum, "Communication in a world of pervasive surveillance: Sources and methods: Counter-strategies against pervasive surveillance architecture." Appelbaum's thesis was published in March 2022 and received little public attention until mentioned in security blog Electrospaces.net last week.
Appelbaum in 2012 worked as an investigative journalist and technical expert with documentarian Laura Poitras on the Snowden leak. He left the Tor Project in 2016 amid disputed allegations and subsequently enrolled in Eindhoven University of Technology in the Netherlands, where he is a postdoctoral researcher in computer science and cryptography.
The thesis, on page 71, footnote 21 says, "While working on documents in the Snowden archive the thesis author learned that an American fabless semiconductor CPU vendor named Cavium is listed as a successful SIGINT 'enabled' CPU vendor. By chance this was the same CPU present in the thesis author’s internet router (UniFi USG3). The entire Snowden archive should be open for academic researchers to better understand more of the history of such behavior."
The implication, made explicit by the thesis index that references the footnote as "Cavium CPU backdoor," is that at least some Cavium kit at some point contained a backdoor useful for American intelligence. Marvell disputes that it implemented a backdoor.
"Marvell places the highest priority on the security of its products," a spokesperson told The Register. "Marvell does not, and Cavium did not, implement 'backdoors' for any government.
Marvell does not, and Cavium did not, implement 'backdoors' for any government
"Marvell supports a wide variety of protocols and standards including IPsec, SSL, TLS 1.x, DTLS and ECC Suite B. Marvell also supports a wide variety of standard algorithms including several variants of AES, 3DES, SHA-2, SHA-3, RSA 2048, RSA 4096, RSA 8192, ECC p256/p384/p521, Kasumi, ZUC and SNOW 3G. All Marvell implementations are based on published security algorithm standards.
"Marvell’s market leading Nitrox family delivers unprecedented performance for security in the enterprise and virtualized cloud data centers. The Nitrox product line is the industry leading security processor family designed into cloud data center servers and networking equipment, enterprise and service provider equipment including servers, Application Delivery Controllers, UTM Gateways WAN Optimization Appliances, routers, and switches."
In a phone conversation, Appelbaum told The Register, "Marvell is answering a question that no one asked." He explained further in an email, essentially arguing that Marvell may have inadvertently backdoored its equipment by implementing weak and exploitable algorithms, such as the infamous Dual EC DRBG, that were championed by the US government so that they would be adopted by suppliers and deployed in the wild possibly for snoops to abuse.
He also suggested a vendor might agree to incorporate an exploitable weakness and ensure staff are unaware of the development. Appelbaum wrote:
Marvell's reply reminds me of other corporate responses to other Snowden archive related disclosures. Usually the nice-and-well-meaning people speaking on behalf of large corporations may accidentally mislead the public. Usually such spokespeople usually do not hold a clearance, they probably do not have a need-to-know even if they do, and they usually are not implementing or reviewing technical details of any of the systems in question.
The head of the legal team may know but it seems unlikely that others would even be permitted to know, and that is if the sabotage was done wittingly. Marvell contests that it was done wittingly but does not confirm they are absolutely certain it did not happen at all for any of their or their subsidiary products through fact-based investigations.
It is noteworthy that Marvell claims to only implement standards, as one of my questions to Marvell was if Cavium or Marvell had ever implemented Dual EC DRBG, the now confirmed to be a backdoored standard published by NIST. They did not answer. Has Cavium or Marvell ever implemented 'export grade' cryptography, for example? A backdoor may not be called a backdoor, especially if the backdoor is in a national standard or is a legal requirement using obfuscated language. NIST has at least one indication that there is a link between Dual EC DRBG and Cavium.
The alleged backdoor, in other words, could be simply the implementation of a weak yet standardized cryptography algorithm, such as Dual EC DRBG, something the NSA is believed to have encouraged as part of BULLRUN, an operation discussed in the Snowden documents that aimed to subvert encryption standards.
Appelbaum's email recounts how Michael Kanellos, director of influencer relations and marketing at Marvell, emailed him on May 24, 2023 with some questions about the footnote. Appelbaum says he responded and asked questions of his own.
"For example, I asked how they worked to discover what the NSA had stated as a fact and if they had performed a review of Cavium intellectual property during their acquisition. I emphasized that this was not an accusation against Marvell but rather an opportunity for Marvell to understand how and why the NSA would report it as an internal success," he wrote in his email.
Appelbaum explained that he has not received a reply to his questions and he would be willing to share his correspondence in the event of any dispute about that.
"As far as I know, Marvell has not reported performing an internal audit on the intellectual property that they acquired from Cavium to search for any NSA sabotage, nor have they reported performing a similar audit on Marvell related technologies," he said.
"As a simple example, I was unable to find an impact statement about how either Cavium and/or Marvell was impacted by Dual EC DRBG, if they were indeed impacted as the NIST website above indicates."
And more generally, Appelbaum asked: "Why are American technology companies being sabotaged by the American NSA as part of project BULLRUN and related programs? Why do media organizations redact rather than report the names of these American companies to the American public?"
Appelbaum's claim reminds us of allegations that surfaced in 2018 about Supermicro server motherboards containing spy chips, a claim Supermicro denied and one that didn't stand up to scrutiny. There's also Juniper's use of the aforementioned Dual EC DRBG algorithm in its NetScreen devices back in 2008 – an algorithm, as we said, is now seen as "a standardized backdoor." [PDF]
- Anatomy of suspected top-tier decade-hidden NSA backdoor
- Kremlin claims Apple helped NSA spy on diplomats via iPhone backdoor
- Remember the Clipper chip? NSA's botched backdoor-for-Feds from 1993 still influences today's encryption debates
- Remember that backdoor in Juniper gear? Congress sure does – even if networking biz wishes it would all go away
The Register spoke with a former executive at a major US-based chipmaker who said the biz frequently had to answer questions from the government about chip security. The attitude a decade ago, they said, was "we want you to make things easy and accessible for us."
Government officials would come to talk about making hardware more secure, but would bring someone along from signals intelligence or from the NSA. These were generally conversations and not demands.
"We'd say he's not welcome," the executive said. "We'd tell them to fuck off all the time."
The reason for that was this firm did a lot of business in China and understood the financial risk of being caught compromising its hardware. "But I think a lot of companies buckled," our source said.
They also said questions were raised about how the company could ensure that components made in China or Taiwan hadn't been compromised. The biz could barely make its chips work reliably in the first place, so if alterations were being made in the foundry it would be noticed, the contact noted.
But compromising hardware with added components is generally more effort and riskier than just identifying flaws in existing off-the-shelf hardware. The easier way to do it, the source suggested, is to destroy the root key with laser fault injection [PDF] and then, having broken the cryptography, to hunt around for defects that allow remotely loadable exploits. ®