Intel has confirmed that the alleged leak of its Alder Lake BIOS source code is authentic, potentially raising cybersecurity risks for customers.
Last week, the firm’s BIOS/UEFI code was apparently posted on 4chan and Github in a repository named ‘ICE_TEA_BIOS.’ This repository contains 5.97 GB of files, source code, private keys, change logs and compilation tools.
In a statement to Tom’s Hardware, an Intel spokesperson said: “Our proprietary UEFI code appears to have been leaked by a third party. We do not believe this exposes any new security vulnerabilities as we do not rely on obfuscation of information as a security measure. This code is covered under our bug bounty program within the Project Circuit Breaker campaign, and we encourage any researchers who may identify potential vulnerabilities to bring them our attention through this program. We are reaching out to both customers and the security research community to keep them informed of this situation.”
It is currently unclear how the source code was accessed, and who was responsible.
The leak relates to Intel’s 12th generation Intel Core processors, released in November 2021. Despite Intel’s reassurances, the leak could pose a security risk for customers, making it easier for cyber-criminals to discover vulnerabilities in the product.
Sam Linford, vice president of EMEA Channels at Deep Instinct, commented: “The theft of source code is an extremely scary prospect for organizations and can open the door to cyber-attacks. Source code holds massive value to cyber-criminals as it is part of a company’s intellectual property.
“Cyber-criminals are always looking for new techniques or vulnerabilities in order to catch security teams off guard. Incidents like this, where stolen source code could be used to launch cyber-attacks, shows us that it is crucial that we start looking towards a prevention-first mindset.”
There have been numerous incidents of an organization’s source code being leaked this year. In August 2022, password management firm LastPass revealed that portions of its source code were stolen, and in September 2022, a hacker stole source code for Grand Theft Auto 5 and the in-development version of Grand Theft Auto 6 from gaming giant Rockstar Games.