In case you missed it, AMD suffered a massive cybersecurity breach, losing the source codes to their Navi 10, Navi 21 and Arden GPUs in a hack!
Here is a summary of how the hack went down, and what this could mean for AMD and their partners…
AMD GPU Source Code Hack : A Quick Summary
A hacker managed to get her hands on AMD source codes for current and future graphics products, and has apparently tried to blackmail AMD.
After that failed, she leaked some of the source codes on Github, and threatened to release everything if she does not find a buyer.
The hacker recently leaked some of the source codes on Github, which was quickly removed after AMD issued a DMCA notice.
She has treated to release all of the stolen source codes, if she does not find a buyer for them,.
AMD GPU Source Code Hack : The Timeline
A hacker called Palesa hacked into an unprotected computer / server, where she found and downloaded AMD source codes, which were determined to be for :
- the current Navi 10 GPU (based on RDNA)
- the upcoming Navi 21 GPU (based on RDNA 2), as well as
- the Arden SoC for the Microsoft Xbox Series X console.
The source code was unexpectedly achieved from an unprotected computer / server through some exploits.
I later found out about the files inside it. They weren’t even protected properly or even encrypted with anything which is just sad.
Palesa told TorrentFreak that she valued the source codes at $100 million, but did not reveal how she came to that mind-blowing valuation.
Palesa contacted AMD, allegedly to blackmail them into paying for the return of the source codes.
Rumours started circulating that a hacker obtained the source codes for Navi 10, Navi 21 and Arden.
24 March 2020
AMD discovered that some of the source codes were uploaded to the new xxXsoullessXxx repository on Github, as the project called AMD-navi-GPU-HARDWARE-SOURCE.
They issued a DCMA notice, notifying Github that, “This repository contains intellectual property owned by and stolen from AMD.” and that “The original IP is held privately and was stolen from AMD.”
Github took down that repository, as well as four other repositories that AMD later identified as forks :
25 March 2020
When contacted by TorrentFreak, Palesa said that she will leak all of the stolen source codes if she does not get a buyer for them :
If I get no buyer I will just leak everything.
AMD issued this statement on the theft of their graphics IP :
At AMD, data security and the protection of our intellectual property are a priority. In December 2019, we were contacted by someone who claimed to have test files related to a subset of our current and future graphics products, some of which were recently posted online, but have since been taken down.
While we are aware the perpetrator has additional files that have not been made public, we believe the stolen graphics IP is not core to the competitiveness or security of our graphics products. We are not aware of the perpetrator possessing any other AMD IP.
We are working closely with law enforcement officials and other experts as a part of an ongoing criminal investigation.
AMD GPU Source Code Hack : What Was Leaked So Far?
According to WCCFTech who spoke to people who have vast experience with Verilog, and viewed those source codes, this was what was leaked so far :
- Partial Verilog files that are typically used in the construction of processors.
- The Verilog files in question represent a single and isolated function(s) on the GPU – NOT the whole/actual GPU blueprint.
- Based on the leaker’s screenshots, the files not yet leaked are more of the same and also nowhere close to being a complete “source code”.
- These Verilog files are built on a proprietary schematic that is only compatible with AMD’s internal design language (in other words, these are going to be close to useless to a third party).
AMD GPU Source Code Hack : The Implications
From what those experts told WCCFTech, the leaked source codes :
- cannot be used to design or reverse engineer any of the three GPUs.
- cannot be used to easily determine product specifications
- cannot be used to bypass security features on AMD GPUs, although they may reveal vulnerabilities that can be exploited
- does not contain any “crown jewel” IP
That said, their opinions are based on what was leaked so far. It is possible that Palesa may have at lot more that she has not revealed.
But considering the fact that she took the step of leaking some source code, they are likely not useful or important enough to be worth the trouble, especially now that a criminal investigation is underway.
What this leak has likely achieved is put a target on Palesa’s back, cause some embarrassment to AMD, and force them to relook at their cybersecurity measures and protocols.
- AMD Ryzen 9 4900H : 8C/16T High Performance Mobile APU!
- AMD Datacenter Leadership In 2020 & Beyond!
- AMD PC & Console Gaming In 2020 & Beyond (Rick Bergman)
- AMD Graphics Roadmap 2020 by David Wang
- AMD Computing Roadmap 2020 by Mark Papermaster
- AMD Financial Analyst Day 2020 : What You Need To Know!
- El Capitan Supercomputer : AMD Selected As Node Supplier!
- Did AMD Just Spank ASUS For ROG Overheating Fiasco?
- AMD Ryzen 3 2300X : OEM Model Goes Retail!
- Why ASUS Cannot Blame AMD For Overheating ROG Cards
- ASUS TUF RX 5700 Cards Are Also Overheating, Remember?
- ASUS Blames AMD For Overheating ROG RX 5700 Cards!
- AMD Ryzen 5 3500X : China-Only Model Goes Global!
- How To Optimise For 64 Cores : An AMD Guide!
- AMD Threadripper 3990X : World’s First 64-Core HEDT CPU!
- RX 5600 XT vs RTX 2060 (Super) Price-Performance!
- SAPPHIRE PULSE RX 5600 XT Review : RTX 2060 Killer!
- AMD Radeon RX 5600 XT Power Up BIOS Guide!
- Tech ARP Mobile GPU Comparison Guide Rev. 19.1
- GIGABYTE Radeon RX 5600 XT : Now 180W Strong!
- AMD Clarifies Last-Minute RX 5600 XT Overclocking!
- Yes! AMD Radeon RX 5600 XT Gets SUPER Power-Up!
- HUAWEI MateBook D 15 : Malaysia Online Deal Revealed!
- The Desktop Graphics Card Comparison Guide Rev. 37.1
- HUAWEI MateBook D 15 (Ryzen) Malaysia Roadshow Offer!
Go Back To > Cybersecurity | Computer | Software | Home
Support Tech ARP!