Intel has confirmed the leak of the 12th Gen Intel Core (Alder Lake) UEFI BIOS source code. The leak comprises 5.97 GB of data, including source code, private keys, changelogs, and compilation tools. The most recent file is dated September 30, 2022.
Researchers note that the source code contains many references to Lenovo, including "Lenovo String Service", "Lenovo Secure Suite" and "Lenovo Cloud Service". At the moment, it is not known whether the leak was the result of a cyber attack or whether the data was published by an insider.
Intel's proprietary UEFI code appears to have been made public by a third party. The company does not believe this opens up any new security vulnerabilities, as Intel does not rely on information obfuscation as a security measure. This code is eligible for the company's "bug bounty" program under the Project Circuit Breaker campaign.
Intel encourages all researchers who may discover potential vulnerabilities to bring them to the attention of this program. Intel is reaching out to both customers and the security research community to inform them of this situation.
However, information security experts are not so optimistic. Access to this data will help attackers find vulnerabilities in the code. Another problem is that the leak contains the private KeyManifest encryption key for Intel Boot Guard. If this key is indeed used by Intel, then hackers could potentially use it to change the boot policy and bypass hardware protection.
via Community