Website BleepingComputer reports that the source code of Intel’s Alder Lake processor BIOS has recently been leaked. Intel has since confirmed the breach.
According to BleepingComputer, 6GB of data containing the source code of Intel’s Alder Lake processor BIOS was published on 4chan and GitHub last week. The leaked data contains various tools and code for building and optimizing BIOS/UEFI images. These files boot the hardware before the operating system is loaded. The files are responsible for setting up connections to security mechanisms such as TPM.
Intel has since confirmed the breach. According to the chip giant, the leak did not lead to any new security vulnerabilities. The source code was already available for the bug bounty program in the Project Circuit Breaker campaign. Intel does warn that both legitimate and malicious parties can access the code as a result of the breach. The chip giant expects cybercriminals to analyze the code for possible backdoors and vulnerabilities.
It is not known how the source code leak occurred or who is responsible. The GitHub repository in question was copied numerous times before its deletion. The original repository was created by an employee of Chinese manufacturer LC Future Center.
LC Future Center produces laptops for original equipment manufacturers (OEMs) like Lenovo. Furthermore, one of the leaked documents refers to ‘Lenovo Feature Tag Test Information’. Others refer to a company called Insyde Software, which provides system components to Lenovo as well.
No exploits of the BIOS source code have been found at this time. Although the impact is considered to be limited, security researcher Mark Ermolov examined the code and found secret Model Specific Registers (MRS) for privileged code, which can cause security problems.
Ermolov also found a private singing key for Intel Boot Guard and signs of Authenticated Code Modules (ACMs) and Trust Execution Technology (TXT). Both could cause problems for the ‘root of trust’ in the future, the researcher indicated.
Attacks on chip manufacturers via third parties are increasingly common. AMD, Gigabyte and Nvidia faced such attacks in the past.