Hackers warn Nvidia to open-source their GPU drivers or face data leak





Nvidia hackers are allegedly attempting to blackmail the company into open-sourcing their graphical processing unit (GPU) drivers.

As reported by Ars Technicathe Lapsus$ ransomware group, which claimed responsibility for the hack, has threatened to release files relating to Nvidia’s GPUs if the firm does not comply with its demands.

The group is said to have set a Friday deadline for Nvidia to meet its unusual demands.

The hackers reportedly wrote in a post on Telegram on Tuesday:

“So, NVIDIA, the choice is yours! Either:

-Officially make current and all future drivers for all cards open source, while keeping the Verilog and chipset trade secrets… well, secret

OR

-Not make the drivers open source, making us release the entire silicon chip files so that everyone not only knows your driver’s secrets, but also your most closely-guarded trade secrets for graphics and computer chipsets too!

YOU HAVE UNTIL FRIDAY, YOU DECIDE!”

The unorthodox demand follows the group’s previously reported demand that Nvidia remove a feature known as LHR (Lite Hash rate) from its graphics cards to make them better at performing the intense computations required for cryptocurrency mining.

The LHR feature debuted in February 2021, with the launch of Nvidia GeForce RTX 3060 models. The company added the feature to the GeForce RTX 3080, 3070, and 3060 Ti graphics cards three months later.

The LHR feature was designed to decrease the mining performance of Nvidia graphics cards to make them less attractive to cryptominers, who had been buying GPUs in huge numbers. As a result of the shift more devices were available for gamers.

“We decided to help mining and gaming community,” Lapsus$ members wrote.

“We want nvidia to push an update for all 30 series firmware that remove every lhr limitations otherwise we will leak hw folder. If they remove the lhr we will forget about hw folder (it’s a big folder). We both know lhr impact mining and gaming.”

Hackers reportedly compromised Nvidia’s internal systems over a two-day period in February, resulting in disruptions of its email services and developer tools.

After the hack came to light, LAPSUS$ claimed responsibility for compromising Nvidia’s servers and stealing over 1 TB of data.

Nvidia confirmed earlier this week that it had been hacked and that the perp was releasing employee passwords and other information on the web.

The firm said that it learned of the breach on February 23rd and that it does not expect the incident to have any impact on its operations or its ability to serve customers.

Last week, the hackers accused the firm of ‘hacking back’ and encrypting its own stolen data after connecting to the attackers’ virtual machine via mobile device management (MDM). However, the hackers claimed that to have backed up all the data.

So far, Nvidia does not appear to have agreed to any of the hackers’ demands.

The company says it has taken steps to improve its security, notified concerned authorities, and is working with cyber security experts to respond to the attack.




Leave a Comment