Intel Confirms Alder Lake BIOS Source Code Leak

Published by

teaser

The source code for Intel's Alder Lake BIOS was leaked to 4chan and Github, with the 6GB file containing tools and code for generating and optimising BIOS/UEFI images. 



A computer's BIOS/UEFI initialises the hardware before the operating system loads, therefore one of its many jobs is to create connections to specific security mechanisms, such as the TPM (Trusted Platform Module). Now that the BIOS/UEFI code has been released into the world and Intel has validated its legitimacy, both malicious actors and security researchers will certainly examine it in search of potential backdoors and security holes.

However, the impact and range of discoveries may be limited. To design firmware for Intel systems, most motherboard makers and OEMs would have identical tools and knowledge. Furthermore, Intel's remark that it does not use information obfuscation as a security strategy implies that it has purged the most unduly sensitive material before releasing it to external vendors.

" Intel - "Our proprietary UEFI code appears to have been leaked by a third party. We do not believe this exposes any new security vulnerabilities as we do not rely on obfuscation of information as a security measure. This code is covered under our bug bounty program within the Project Circuit Breaker campaign, and we encourage any researchers who may identify potential vulnerabilities to bring them our attention through this program. We are reaching out to both customers and the security research community to keep them informed of this situation." — Intel spokesperson. "

Intel Confirms Alder Lake BIOS Source Code Leak


Share this content
Twitter Facebook Reddit WhatsApp Email Print