Data leaks continue. After Rockstar Games’ impressive hack a few weeks ago, it’s Intel’s turn to find itself in the middle of a dark case of data piracy. The source code for the Alder Lake processors was actually posted on the 4chan forum at the very beginning of this month of October.
Intel doesn’t panic
To be more specific, it is the BIOS/UEFI software source code of Intel chips that leaked. UEFI allows the computer to boot properly, ensures the compatibility of all components with each other and manages lower-level tasks such as hard disk management, keyboard backlighting or machine boot order. It is a micro operating system that launches before Windows starts. In view of the access that this software offers to the various components of the machine, its source code is normally well protected.
Unfortunately for Intel, an Internet user has obviously got his hands on the version of this software dedicated to Alder Lake processors and has published a link to the five and some gigs of data on 4chan. The company has also confirmed the authenticity of the leak to Tom’s Hardware. “Our UEFI code appears to have been leaked by a third party (…) We are talking to both our customers and the community of cybersecurity specialists to keep them informed of this situation”details the famous processor manufacturer.
Risks difficult to measure
The extent of the risks caused by the publication of these data is not yet very clear. For its part, Intel assures that “this does not pose a threat, as we do not employ data obfuscation as a security measure”. The company even encourages those who find possible problems in the code to report them through its Bug Bounty program. Other cybersecurity specialists are more concerned.
HardenedVault, a company specializing in computer hardware security, explains that malicious hackers could “taking advantage of this leak even if the code is only partially used on a machine (…), which increases the long-term risk for users”. As BleepingComputer noticed, one of the software’s encryption keys was also leaked, which could potentially allow corrupted versions of UEFI to be installed on a machine.
If the source code and the encryption key are indeed used in the latest versions of the software, it could create some serious headaches for Intel, in addition to making a whole host of computers vulnerable to possible hacks. Despite everything, the company seems confident in its risk reduction measures. Only time will tell if good or bad hackers have found significant vulnerabilities in Intel’s code.