Intel confirmed Authenticity of Alder Lake BIOS leak and other source code details this generation of processors. The scope and risks of the breach are unknown, but some sources suggest it may pose a serious cybersecurity problem.

Last Friday, a user posted links to what he said was Alder Lake BIOS source code on Twitter. The link led to a GitHub repository called ‘ICE_TEA_BIOS’ with 5.9 GB of data. The repository has already been removed, but can be found anywhere. Worst of all, an Intel spokesperson confirmed the truth of the information: «it seems that our proprietary UEFI code has been leaked by a third party«.

Alder Lake BIOS, a problem in the wrong hands

BIOS/UEFI systems are firmware-like programs that run when a computer starts up and provide low-level communication, operation, and basic configuration of system hardware. Also advanced sections like connecting with the Trusted Platform Module (TPM) which is mandatory to use systems like Windows 11. And hence the concern in the security community.

The leak contains 5.97GB of files, source code, private keys, changelogs and build tools with the latest timestamp on the files dated September 30, 2022, presumably when the data was taken by the hacker.

Although it is not yet confirmed, everything points to the hack of the Chinese firm Insyde Software Corp, which specializes in the development of firmware for UEFI. This company works for major OEMs and in fact the source code contains numerous references to Lenovo and connections to their “Cloud Service” or “Secure Suite”.

Intel downplayed the security risks of the leak, but security firms are warning about them “high long-term risk to users” and potential issues with Intel’s intellectual property and the security of its processors.

The leaked data is being studied, but has already been located private encryption key KeyManifest using protect the Intel Boot Guard platform, essential in the chip giant’s entire ecosystem. It is not known if this private key is used in production, but hackers could use it to change the boot policy in Intel firmware and bypass hardware security. A very serious security issue.

Another problem may come MSR filtration (model-specific registers), special registers that only privileged code such as the BIOS or operating system can access. Vendors use them to include various CPU capabilities, such as enabling special modes for debugging, performance monitoring, or certain types of instructions.

It is certain that cybercriminals are already studying source code with intent discover vulnerabilities and backdoors. The “positive” part is that they will also have access to the same security researchers. An Intel spokesperson actually explained that this code is covered by their bug bounty program. Project circuit breaker. and encourage any researcher to report any potential vulnerabilities they identify.

Finally, remember that BIOS/UEFI attacks are complex, but possible and critical if successful. The same through the manipulation of MSR records, which play an important role in computer security. There are hundreds and most undocumented discovered for Intel and AMD processors as well. Hacking attempts often target third-party vendors to indirectly steal information from semiconductor manufacturers, enabling ransomware attempts, and this one could follow. We will update with more information.