Intel has verified that the alleged leak of its Alder Lake BIOS resource code is genuine, most likely boosting cybersecurity risks for buyers.
Last 7 days, the firm’s BIOS/UEFI code was apparently posted on 4chan and Github in a repository named ‘ICE_TEA_BIOS.’ This repository contains 5.97 GB of documents, source code, personal keys, change logs and compilation applications.
In a statement to Tom’s Components, an Intel spokesperson said: “Our proprietary UEFI code appears to have been leaked by a third bash. We do not believe that this exposes any new security vulnerabilities as we do not depend on obfuscation of data as a security measure. This code is included under our bug bounty application inside the Job Circuit Breaker marketing campaign, and we encourage any researchers who may discover prospective vulnerabilities to carry them our notice as a result of this system. We are achieving out to both equally buyers and the security exploration local community to preserve them informed of this condition.”
It is at the moment unclear how the resource code was accessed, and who was dependable.
The leak relates to Intel’s 12th era Intel Main processors, unveiled in November 2021. Irrespective of Intel’s reassurances, the leak could pose a security risk for clients, building it easier for cyber-criminals to find out vulnerabilities in the product or service.
Sam Linford, vice president of EMEA Channels at Deep Instinct, commented: “The theft of source code is an incredibly terrifying prospect for corporations and can open up the doorway to cyber-assaults. Source code retains enormous worth to cyber-criminals as it is portion of a company’s mental residence.
“Cyber-criminals are normally searching for new strategies or vulnerabilities in order to catch security groups off guard. Incidents like this, in which stolen supply code could be applied to start cyber-attacks, reveals us that it is vital that we start off on the lookout in the direction of a avoidance-initial state of mind.”
There have been various incidents of an organization’s source code currently being leaked this yr. In August 2022, password management organization LastPass unveiled that portions of its source code were stolen, and in September 2022, a hacker stole supply code for Grand Theft Automobile 5 and the in-development edition of Grand Theft Automobile 6 from gaming big Rockstar Video games.
Some parts of this article are sourced from:
www.infosecurity-journal.com