Poised to launch its new generation of Intel Core processors, Raptor Lake, later this month, the company has encountered a potentially serious security issue affecting the latest generation of its popular desktop and laptop CPUs. . The 12th Gen Intel Core UEFI BIOS source codeknown as Alder Lake and which went on sale in November 2021, has been leaked on the Internet and Intel has confirmed that it is legitimate.
Last Friday, the media outlet Tom’s Hardware reported the post on the 4Chan forum of links to the source code of the BIOS UEFI of the 12th generation of Intel Core processors. A copy of the files hosted on the GitHub repository was also published under the name “ICE_TEA_BIOS” and with the description “BIOS Code from project C970″, which has since been deleted.
The download, consisting of a 2.8 GB file that reaches 5.56 GB uncompressed, contains the source code, private keys, logs (logs) with changes and build tools that allow you to create and optimize BIOS for the platform.
A BIOS is the basic system of a computer that check and start the hardware before the operating system can load and includes security components such as the TPM (Trusted Platform Module) on the motherboard.
After being leaked, both cybercriminals and security researchers can study the code to find vulnerabilities to circumvent security mechanisms of computers with 12th generation Intel Core processors.
Intel has confirmed the published information to the media stating that “our proprietary UEFI code appears to have been leaked by a third party. We do not believe this exposes new security vulnerabilities, as we do not rely on information obfuscation as a security measure. This code is covered by our rewards program for bugs [errores de software] Project Circuit Breaker [que premia con hasta 100.000 dólares a quienes descubran fallos de seguridad en las plataformas de Intel] and we encourage any researcher who can identify potential vulnerabilities to contact us through this program. We are reaching out to both customers and the security research community to keep them informed about this situation.”
By information obfuscation Intel refers to the data masking security method of making code changes to hide sensitive information, which suggests that this information is not in the code and cannot be extracted.
The “third party” that Intel refers to would be the BIOS developer company Insyde Software Corpfor which there are multiple references in the leak and which provides firmware BIOS to PC builders and works with, among others, Lenovo. Other services of this last company have also been found, such as Lenovo Cloud Service or Lenovo Secure Suite. According to Tom’s Hardware, the GitHub repository with the source code was created by an employee of LC Future Center, a Chinese company that makes laptops for other brands including Lenovo.
Intel has downplayed the risks of the leak, but some voices within the cybersecurity world have warned of the risk that cybercriminals find vulnerabilities in Alder Lake processors thanks to it. According to Bleeping Computer, the security company in hardware Hardened Vault has noted that “The attacker or hunter of bugs can greatly benefit from leaks even if the leaked implementation is only partially used in production. Insyde BIOS can help security researchers and bug hunters (and attackers) find vulnerabilities and easily understand the result of reverse engineering, which is adds to the high long-term risk to users”.
Mark Emerlow, a researcher at Positive Technologies, has pointed out that the leak includes a private key used to protect Intel Boot Guard functionality which is responsible for preventing the start of firmware that does not belong to the manufacturer of the system. If it is a valid key for equipment already on the market, it could allow an attacker to bypass the security of the system.
#Intel #confirms #source #code #leak #affecting #latest #generation #Intel #Core #processors