Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
On Friday, a Twitter account going by the handle “freak” shared links to what they claimed to be the UEFI firmware source code for Intel Alder Lake, which they claim was made available by 4chan. Intel confirms the source code leak for the UEFI BIOS is authentic. Alder Lake is the name of the company’s 12th generation Intel Core processors, which was released in November 2021.
Content of the Leak
The hyperlink directed users to the “ICE TEA BIOS” GitHub project, which was posted by user “LCFCASD.” The “BIOS Code from project C970” was said to be present in this repository.
Alder Lake BIOS Source Code (Source)
According to BleepingComputer, the leaked document contains 5.97 GB of files, private keys, source code, change logs, and compilation tools. The latest timestamp on the documents is September 30th, probably the date when the threat actor copied the data.
Numerous references to Lenovo may also be found in the leaked source code, including code for “Lenovo String Service,” “Lenovo Secure Suite,” and “Lenovo Cloud Service” integrations. Whether the source code was taken during a hack or disclosed by an insider is now unknown.
An Intel spokesperson confirmed that the source code is authentic to Tom’s Hardware.
Our proprietary UEFI code appears to have been leaked by a third party. We do not believe this exposes any new security vulnerabilities as we do not rely on obfuscation of information as a security measure. This code is covered under our bug bounty program within the Project Circuit Breaker campaign, and we encourage any researchers who may identify potential vulnerabilities to bring them our attention through this program. We are reaching out to both customers and the security research community to keep them informed of this situation.
Rising Concerns Between Security Researchers
Security experts caution that while Intel has minimized the security dangers of the source code leak, its contents may make it simpler to identify flaws in the code.
The Insyde’s solution may help the security researchers, bug hunters, but also the attackers find the vulnerability and understand the result easily, which should raise concerns as it brings a long-term high risk to the users.
Mark Ermolov of Positive Technologies said that a private encryption key called KeyManifest, which is used to protect Intel’s Boot Guard platform, was also exposed in the breach.
A very bad thing happened: now, the Intel Boot Guard on the vendor’s platforms can no longer be trusted… ☹️ pic.twitter.com/K5mXcp5ipW
— Mark Ermolov (@_markel___) October 8, 2022
Currently, it is not clear if the leaked private key is used in production, but if it is, hackers could use it to bypass hardware security and modify Intel’s firmware.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.
Cristian is a Content Editor & Creator at Heimdal®, where he developed a deep understanding of the digital threat landscape. His style resonates with both technical and non-technical readers, proof being in his skill of communicating cybersecurity norms effectively, in an easy-to-understand manner.
