Security expert @vxunderground said that an anonymous person posted the source code of Intel Alder Lake on 4chan, mainly involving some files for the Intel Alder Lake platform and chipset BIOS/UEFI and tool.
@glowingfreak added that a copy of the BIOS source code for the C970 project has appeared on GitHub last week, the compressed file is about 2.8GB in size, and the unzipped file is 5.86GB, but we are currently unable to verify whether the content is true, and whether Contains sensitive code, Intel has not responded.
The source code to the Intel Alder Lake BIOS*** has been leaked online.
— vx-underground (@vxunderground) October 8, 2022
Even with the ability to edit tweets we make typos. tl;dr Tweeting is hard work and serious business. pic.twitter.com/E6c2A1mlxT
It's unclear where the leaker got the files, but one mentions "Lenovo feature tag test information" and @SttyK found other clues through the git log.
Interesting git log #OSINT https://t.co/05xDkqMqnD pic.twitter.com/uqYVIFF3wc
— SttyK (@SttyK) October 8, 2022
At present these files cannot prove whether they contain sensitive files, and it is not clear whether they will be used for vulnerability development.
It's worth mentioning that most motherboard brands and OEM manufacturers have similar tools and information, mainly for developing appropriate firmware and optimizations for Intel platforms, although Intel tends to remove some overly sensitive material.
But anyway, any internal material is at risk of being leaked, and even a few sentences of source code can cause major security incidents, especially when the code involves security features such as TPM.
While we don't know how the files were obtained, recent hacking attacks have been particularly frequent, with several large groups choosing to steal inside information from tech companies and semiconductor manufacturers one after another, raising suspicions of motives other than extortion.
A recent series of hacking incidents include RansomHouse obtaining about 450GB of AMD data and extorting it, and AMD, Intel, AMI, NVIDIA partner Gigabyte also took place in the infamous "Gigabyte Hack", which was obtained by RansomExx About 112 GB of sensitive data.
In addition, Nvidia was also recently attacked by the hacker group LAPSU$, resulting in the theft of more than 1TB of its data, including some documents and source code for future technologies, but the giant fought back with its own hard power, making the stolen data become useless.
0 Comments