Intel has confirmed a source code leak of the UEFI BIOS of Alder Lake CPUs. The American multinational technology company established that the leaked source code was authentic and shared its concerns over its misuse, which could lead to an infrastructure-level disruption of Intel-based computers. Alder Lake is Intel’s latest, 12th generation of Intel Core processors, used in modern Intel-powered computers.
On Friday, a Twitter user named ‘Freak’ shared links to what is believed to be the source code for Intel Alder Lake’s UEFI firmware. The post claimed that an unknown 4chan account released the source code. The links led to a GitHub repository named ‘ICE_TEA_BIOS,’ created by a user named ‘LCFCASD.’ The repository is believed to have contained the source BIOS code from project C970.
Alder Lake BIOS source code leaked
The repository contained 5.96 GB of source code files, folders, private keys, logs, and compilation tools. The files were timestamped 9/30/22, which indicates that the hacker created the repository or stole the files in September 2022.
According to reports, the source code also contained references to Lenovo, including code for ‘Lenovo String Service,’ ‘Lenovo Secure Suite,’ and ‘Lenovo Cloud Service.’ However, the Twitter user did not say who leaked the data or which cyberattack could be responsible for it.
Although the leaker remains anonymous, Intel has confirmed the authenticity of the source code and told the online publication Tom’s Hardware that the content posted on the repository is “proprietary UEFI code.”
Alder Lake BIOS concerns security researchers
Security experts have warned users about the security dangers of the leak and how threat actors could reverse-engineer the source code for use in future exploits. Experts claimed that an attacker could take advantage of the source code even if the disclosed OEM implementation were only partially deployed in production.
Moreover, a private encryption key called the KeyManifest (a key to secure Intel’s Boot Guard) was also released along with the source code. All the stolen content could be detrimental to users if hackers can find backdoors to infiltrate the Intel firmware’s boot policy and get beyond hardware protection.