His article might be a bit off but it is actually true that the University of Cambridge leaked document is off-base and even their official paper continues to clame there is a backdoor but in a way that negates itself:
"Ultimately, an attacker can extract the intellectual property (IP) from the device as well as make a number of changes to the firmware such as inserting new Trojans into its configuration."
Using a flaw in the system to "insert" a new trojan is not the same as an existing one. This and many other reasons that one sees when looking at both papers, the vendor response and then their response to the vendor make it pretty obvious that they stick to the backdoor claim to maintain face (perhaps for the original grant or clients).
but the best gem of the new paper is claiming that a crypto flaw that requires physical access to exploit = Denial of Service, considering you took out the chip or that you have physical access already.
"Ultimately, an attacker can extract the intellectual property (IP) from the device as well as make a number of changes to the firmware such as inserting new Trojans into its configuration."
Using a flaw in the system to "insert" a new trojan is not the same as an existing one. This and many other reasons that one sees when looking at both papers, the vendor response and then their response to the vendor make it pretty obvious that they stick to the backdoor claim to maintain face (perhaps for the original grant or clients).
but the best gem of the new paper is claiming that a crypto flaw that requires physical access to exploit = Denial of Service, considering you took out the chip or that you have physical access already.