Intel Confirms Alder Lake BIOS Source Code Leak, New Details Emerge

[correlate]

[correlate]

Level 18
Thread author
Top Poster
Well-known
May 4, 2019
801
Content source
https://www.tomshardware.com/news/intel-confirms-6gb-alder-lake-bios-source-code-leak-new-details-emerge
We recently broke the news that Intel's Alder Lake BIOS source code had been leaked to 4chan and Github, with the 6GB file containing tools and code for building and optimizing BIOS/UEFI images. We reported the leak within hours of the initial occurrence, so we didn't yet have confirmation from Intel that the leak was genuine. Intel has now issued a statement to Tom's Hardware confirming the incident:
Click to expand...
www.tomshardware.com

Intel Confirms Alder Lake BIOS Source Code Leak, New Details Emerge

Hack's perpetrator and origins remain unknown.
www.tomshardware.com www.tomshardware.com
 
  • +Reputation
  • Wow
  • Like
Reactions: Venustus, vtqhtr413, silversurfer and 4 others
upnorth

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
Our proprietary UEFI code appears to have been leaked by a third party. We do not believe this exposes any new security vulnerabilities as we do not rely on obfuscation of information as a security measure. This code is covered under our bug bounty program within the Project Circuit Breaker campaign, and we encourage any researchers who may identify potential vulnerabilities to bring them our attention through this program. We are reaching out to both customers and the security research community to keep them informed of this situation." — Intel spokesperson.
Click to expand...
famed security researcher Mark Ermolov has already been hard at work analyzing the code. His early reports indicate that he has found secret MSRs (Model Specific Registers) that are typically reserved for privileged code and thus can present a security problem, along with the private signing key used for Intel's Boot Guard, thus potentially invalidating the feature. In addition, there are also signs of ACMs (Authenticated Code Modules) for BootGuard and TXT (Trusted Execution Technology), portending potential future issues with the root of trust.

The impact and breadth of discoveries could be limited, though. Most motherboard vendors and OEMs would have similar tools and information available to build firmware for Intel platforms. Moreover, Intel's statement that it doesn't rely upon information obfuscation as a security measure means it has likely scrubbed the most overly-sensitive material before releasing it to external vendors.
Click to expand...
 
  • +Reputation
  • Like
  • Thanks
Reactions: Venustus, vtqhtr413, silversurfer and 2 others
You must log in or register to reply here.

Similar threads

silversurfer
    • Wow
    • Like
    • Thanks
Intel Discontinues Several 11th Gen Tiger Lake CPUs
Replies
0
Views
418
News Archive
silversurfer
silversurfer
silversurfer
    • Like
    • Wow
    • Applause
Intel Teases 6 GHz Raptor Lake at Stock, 8 GHz Overclocking World Record
Replies
1
Views
558
News Archive
silversurfer
silversurfer
LASER_oneXM
    • Like
Intel 12th-Gen Alder Lake Release Date, Pricing, Benchmarks, Specs, and All We Know
Replies
0
Views
868
News Archive
LASER_oneXM
LASER_oneXM

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top