Intel has confirmed that the leaked UEFI BIOS source code for Alder Lake CPUs is authentic, raising cybersecurity concerns among researchers.
Alder Lake is the name of the 12th generation Intel Core processors, which were released in November 2021.
On Friday, a Twitter user called “Stranger” posted links to what was said to be the source code for the Intel Alder Lake UEFI firmware, which they claim was released by 4chan.
The link led to a GitHub repository called “ICE_TEA_BIOS” which was uploaded by a user called “LCFCASD”. This repository contained what was described as “BIOS code from Project C970”.
The leak contained 5.97GB of files, source code, private keys, changelogs, and compilers, with the latest timestamp on the files being 9/30/22, most likely when a hacker or insider copied the data.
BleepingComputer was told that all source code was developed by Insyde Software Corp, a UEFI firmware development company.
The leaked source code also contains several references to Lenovo, including the code for integration with “Lenovo String Service”, “Lenovo Secure Suite” and “Lenovo Cloud Service”.
At the moment, it is not clear whether the source code was stolen during a cyber attack or was leaked by an insider.
However, Intel has confirmed to Tom’s Hardware that the source code is authentic and is its “UEFI code”.
“Our UEFI code appears to have been leaked by a third party. We do not believe this exposes any new vulnerabilities as we do not rely on steganography as a security measure. This code is covered under our bug bounty program within the Project Circuit Breaker campaign, and we encourage any researchers who may identify potential vulnerabilities to bring them to our attention through this program. We are reaching out to both customers and the security research community to keep them informed of this situation.” — Intel spokesperson.
Security Researchers Concerned
While Intel has played down the security risks of the source code leak, security researchers have warned that the contents may make it easier to find vulnerabilities in the code.
“An attacker/bug hunter can benefit greatly from leaks even if the leaked OEM application is only partially used in production,” explains the hardware security company Hardened Vault.
“Insyde’s solution can help security researchers and bug hunters (and attackers) to find vulnerabilities and easily understand the result of reverse engineering, increasing the significant long-term risk to users.”
Positive Technologies hardware researcher Mark Ermolov also warned that the leak included a KeyManifest private encryption key, a private key used to secure the Intel Boot Guard platform.
While it’s not clear if the leaked private key was used in production, if so, it’s possible that hackers could use it to modify the boot policy in Intel firmware and bypass hardware security.
BleepingComputer contacted Intel, Insyde, and Lenovo with questions about the leak and whether private keys had been used in production.
We will update this article with any responses as we learn more.