What I'd class as major would be some third party gaining access to NVIDIA's RTL designs and source code for their drivers for current and unreleased GPUs, but this hack doesn't sound remotely close to that. Luckily.
By whom? I'd certainly class it as major if their website could distribute malware instead of the real drivers, as that impacts everyone. Stealing nvidia's proprietary designs impacts only them.
I visited that page a few days ago to set up a new system which is, at the same time, supposed to be very secure (the proprietary drivers being one of the weak points indeed, but can't quite get around that if the GPU is to be fully functional). If this was compromised then I can start over and have a bunch of passwords and private keys to rotate.
Ransomware operators are not that clever, they go for low-hanging fruit. I mean, yeah, by all means, do recon on a system you just pwned and try to do a supply chain attack, but it's outside the range of these operators. They only have a hammer, and everything just looks like a nail.
When you design a CPU or GPU, the RTL, like the core pipelines, schedulers, and various buses, are designed from the start on a certain manufacturing process where they're expected to work correctly at specific frequencies that are fast enough to feed the pipelines at the right timings, in order to get the top expected performance. Failure to meet the fabrication process expectations means the RTL design will perform much worse than expected in practice.
That's why many of Intel's past designs sucked so bad in the performance and efficiency category as their 10nm manufacturing process fell behind, so they had to scale their newer designs back on the aging 14+++++ process, which caused those CPUs to flop big time.
That is an understatement. 65nm is ten times larger than what NVidia is currently using. That means the area would be 100 times larger and any signal distances 10 times larger. And keep in mind that NVidia GPU designs already take up quite a bit of area on modern nodes.
So you'd likely have to cut it down to a 100th of the modules, which would run at a 10th of the speed.
/humor
LAPSU$ extortion group, a group operating out of South America, claim to have breached NVIDIA and exfiltrated over 1TB of proprietary data.
LAPSU$ claims NVIDIA performed a hack back and states NVIDIA has successfully* ransomed their machines.
Putting down the paranoia hat. Happy weekend.
Not sure you're familiar with defense update and release schedules. As long as this gets fixed sometime in the next 5+ years, everything will be fine.
Crippling use-cases is quite difficult: how could you distinguish, at the hardware/firmware level, object detection for fighter jets vs object detection for cars? Under the hood everything is just a bunch of compute units with extremely wide ALUs. I would even say, it's next to impossible to cripple "AI" without crippling graphics engines and most GPGPU kernels.
EDIT: Ah, you meant drivers. Yeah, that's perhaps more doable (since the OS can provide context on the calling application), also more detectable by the end-users: many people diff drivers to find patched vulnerabilities, security researchers would eventually notice it.
It's not a very good hat, honestly.
It's just nothing someone can just do. And there is also nothing which will prevent Nvidia from debugging the ML issue and reverting the change.
Hacking into Nvidia's corp network, infiltrating their git server, disabling security scans and then injecting a backdoor undetected in complex code?
In a process which is highly controlled due to it being a very central piece of software.
Very unrealistic.
It's easier to find or buy zero days in the wild for the same goal.
https://softwareengineering.stackexchange.com/questions/1848...
There is a double cross compilation method to detect if you are infected.
I don't know, things like this just show how great it is to put unknown code into your kernel.
Number two could well be entertaining ideas about shaving a couple of items off their conquest list while the action is keeping the World busy though, and if so both trojanizing a particularly poorly defended part of billions of computing devices worldwide and securing fuller access to software and plans for "AI accelerators" would seem desirable.
It's bad to underestimate the enemy, but also bad to overestimate them.