Intel confirmed that the source code UEFI BIOS of the twelfth generation chips Alder Lake, published online in recent days, is authentic. This has created concerns in the community of experts di cybersecurity. Although the company explains that there should be no security risks.
Intel: The leaked BIOS source code is genuine
Last Friday a user called just ‘freak’ posted that he had access to the source code of the UEFI firmware of the Alder Lake chips, explaining that some hackers had published it on 4chan. The link on the social network refers to a Github repository, a platform where programmers publish open source code.
In the repository “ICE_TEA_BIOS“A user named”LCFCASD“Published the code”BIOS form project C970″. The leak contains 5.79 GB of files, source code, private keys, change logs and file compilation tools, last modified on September 30th. Assuming that an employee of a company that works with Intel has sold the files or been hacked for access.
Fonte: BleepingComputer
From what appears, the code appears to be produced by Insyde Software Corp, a company that develops UEFI software. But in the code there are also several references to software Lenovo. But at the moment it is not clear where the leak came from, nor is it produced by a hacker, by selling information or simply by an error.
However Intel explained to Tom’s Hardware USA that “it appears our UEFI Proprietary Code has been leaked by a third party. We do not believe this represents any security vulnerabilities because we do not resort to the obfuscation of information as a security measure “. However, Intel urges researchers to identify any vulnerabilities and report them as part of Project Circuit Breaker, where the company rewards those who find risks on their code.
However, many security experts think there may be risks if cybercriminals find vulnerabilities before ‘good’ hackers. It is therefore worthwhile pay special attention tolla cybercsecurity if you have a 12th generation Intel processor.