A group of security researchers from Technical University (TU) Berlin have identified a vulnerability in the AMD-based Media Control Unit in modern Tesla vehicles, allowing them to unlock paid features and gain access to other subsystems. The researchers exploited a known flaw in the AMD processor that controls Tesla’s MCU. The attack targeted the third-generation MCU (MCU-Z), which is based on a custom AMD Ryzen SoC.

The researchers employed voltage fault injection (or voltage glitching) and attacked the AMD Ryzen SoC used in MCU-Z‘s Platform Security Processor. This attack granted them root permissions, enabling them to make persistent changes to the vehicle’s Linux system and decrypt data stored in the Trusted Platform Module (TPM). This access could potentially allow an attacker to unlock features that are typically locked behind paywalls, such as vehicle upgrades that Tesla offers for a fee.

One of the notable consequences of this exploit is that it’s considered “unpatchable,” meaning Tesla currently lacks a known solution to mitigate it. Furthermore, the exploit could extract a hardware-bound RSA key used for authenticating and authorizing a car within Tesla’s internal service network. This could potentially allow salvage-titled vehicles, which are not eligible for certain Tesla services due to damage, to access services like the Supercharging network.

It seems like AMD is in a whirlwind of issues, and it doesn’t just end there.

Smitten by Vulnerabilities 

Recently, security researchers also discovered a new bug or vulnerability—’Zenbleed’ in AMD CPUs using the Zen 2 architecture. Unlike previous exploits, Zenbleed allows remote exploitation without physical hardware access. This poses a significant security risk, particularly for enterprises that use these chips. AMD has released an update for EPYC 7002 series chips, but a comprehensive firmware fix is pending. 

Similar to Intel’s Meltdown and Spectre vulnerabilities, the exploit leverages CPU’s internal mechanisms to extract sensitive data, functioning Zenbleed’s impact could be substantial due to slow enterprise security update adoption. Addressing this requires changes in cybersecurity approaches. 

While the vulnerability itself is common, the challenge lies in effectively deploying fixes, as prolonged exposure to such vulnerabilities can lead to more potent hacking strategies in the future.

Not just that, AMD discreetly disclosed 31 new CPU vulnerabilities through a January update, affecting both its consumer-oriented Ryzen chips and EPYC data centre processors. The company collaborated with researchers from Google, Apple, Oracle, and others in a coordinated disclosure to develop mitigations before public disclosure. These vulnerabilities, affecting Ryzen desktop, HEDT, Pro, and Mobile processors, can be exploited via BIOS manipulation or attacks on the AMD Secure Processor bootloader. 

AMD has detailed AGESA revisions for OEMs to patch the vulnerabilities, with BIOS patches’ availability varying by the vendor. The vulnerabilities also impact EPYC processors, with four high-severity variants enabling arbitrary code execution and data integrity issues. With AMD gaining market share, scrutiny of its architectures for security gaps is increasing. Recent vulnerability disclosures include Meltdown-like variants, Hertzbleed, and Take A Way.

As the chipmaker looks to handle these issues, it also faces demands and stiff competition

Pursuit of NVIDIA

With Generative AI set to grow by 31% annually, reaching a substantial $152 billion market by 2032, AMD’s growth potential is contingent on capturing more market share. However, this requires adept product development amidst competition from NVIDIA, which is also ready to supply AI chips.

To bolster its standing, AMD is channelling resources into AI-related research and development, aiming to provide customers with specialised AI chips and tailored software solutions. Su envisions AI as a potent growth driver, expected to gain momentum with Microsoft and other major software providers incorporating generative AI into their offerings, thereby igniting demand for PCs.

In a bid to close the gap with NVIDIA, AMD plans to launch chips that directly compete with Nvidia’s offerings in the fourth quarter of 2023. Reuters reports that AMD aims to significantly ramp up production of its flagship MI300 artificial intelligence chips to challenge NVIDIA’s H100 chips.

Despite robust demand for its MI300 series chips, AMD faces hurdles in the Chinese market due to performance constraints imposed by export controls. These restrictions have led to the inability to sell MI300 chips in China. In contrast, NVIDIA and Intel have developed specialized chips to meet these performance limits. CEO Su reassured investors of AMD’s commitment to full compliance with US export controls.

In this evolving landscape, analysts offer diverse perspectives on AMD’s trajectory. Jenny Hardy, a portfolio manager at GP Bullhound, who holds both NVIDIA and AMD stocks, holds an optimistic view. Hardy believes that if AMD effectively ramps up production and launches MI300 chips in the fourth quarter, it could help address supply constraints, filling the gap left by the scarcity of NVIDIA chips.

Morningstar maintains a favourable outlook on AMD’s potential to effectively compete with NVIDIA in the Generative AI realm, holding a target stock price of $130 following the second-quarter earnings report.

Senior Director Brian Colello echoed similar optimism, pointing to the exponential growth in AI customer engagements as a promising indicator. He foresees a surge in AI graphics processing units from late 2023 into 2024, positioning AMD as a viable secondary source to Nvidia for GPUs in AI training and inference. 

Revenue Plummets 

Lately, AMD has experienced a phase of decline spanning the past two quarters. Not just that, a consistent downward trend has been observed over four consecutive quarters of declining earnings and a subsequent drop in sales due to reduced demand for traditional personal computers and servers.

Earlier this month, AMD announced results that outperformed expectations. However, these positive outcomes were juxtaposed against a decline in revenue compared to the previous year, alongside a less-than-stellar projection for the upcoming quarter.

Considering AMD’s recent financial performance, the figures for the second quarter reveal a revenue of $5.36 billion, indicating an 18% decrease from the prior year and a 19% decrease in profits, while still surpassing estimates by $50 million. Adjusted earnings per share for Q2 reached 58 cents, slightly exceeding expectations. Looking ahead to the third quarter, revenue guidance is anticipated to reach $5.7 billion, reflecting a 2.5% growth from the previous year. However, it falls short by $110 million according to analysts’ forecasts.

AMD’s growth prospects are concentrated in its client and data centre segments. CFO Jean Hu, in the second quarter 2023 earnings call transcript, anticipates a year-over-year revenue increase in the client segment and stable performance in the data centre segment. Sequentially, both segments are projected to experience double-digit growth, while the gaming and embedded segments might face declines.

As AMD tackles challenges and pursues its AI ambitions, its journey in the technology domain assumes critical significance for both the industry and investors.