Data breaches happen frequently because hackers are always on the move, lurking in the dark to find any weaknesses in systems they are trying to exploit.
And this time, hackers managed to steal Intel's proprietary source code, and leaked them.
The chipmaker said that it's its Alder Lake source code that has been stolen and leaked. The hacker in question posted in on the anonymous imageboard website 4chan, Reddit, and the Microsoft-owned open source developer platform GitHub.
"Our proprietary UEFI code appears to have been leaked by a third party," Intel said, confirming the hack and the leak.
In all, data that is contained in a 2.8 GB zip file that expands to 5.86 GB after decompression, include tools and code for building and optimizing the chip's 'BIOS/UEFI' images for the 12th Gen Intel Core Alder Lake processors..
The working of the 'BIOS/UEFI' code of the computer is to initialize the hardware before the operating system has loaded.
Among its many responsibilities, is to establishes connections to certain security mechanisms, like the TPM (Trusted Platform Module).
Intel doesn't provide much details about the leak, but one of the documents does refer to "Lenovo Feature Tag Test Information," suggesting that the OEM was the source of the leak.
"We do not believe this exposes any new security vulnerabilities as we do not rely on obfuscation of information as a security measure. This code is covered under our bug bounty programme within the Project Circuit Breaker campaign, and we encourage any researchers who may identify potential vulnerabilities to bring them to our attention through this program," a company spokesperson was quoted as saying.
Intel said it is reaching out to both customers and the security research community to keep them informed of this situation.
In addition, Intel said that the hack and the leak doesn't pose any security or privacy risks, since the data contained within this BIOS/UEFI code doesn't "rely on obfuscation of information as a security measure".
While Intel claims that the code is covered under the bug bounty program, security researchers have taken this more seriously.
Knowing that the BIOS/UEFI code is in the wild and Intel has confirmed it as legitimate, both nefarious actors and security researchers alike are probing it to search for potential backdoors and security vulnerabilities.
One of whom, is Mark Ermolov, a prominent researcher. He suggests that the leak can be an issue, since he identified that the code include MSRs (Model Specific Registers).
Mark believes that MSRs are usually considered as a privileged code and could cause a security problem in the 12th Gen Intel Core series processors.
Alder Lake is Intel's codename for its 12th generation Intel Core processors that are based on a hybrid architecture utilizing Golden Cove performance cores and Gracemont efficient cores.
Fabricated using Intel's Intel 7 process, which was previously referred to as Intel 10 nm Enhanced SuperFin (10ESF), Alder Lake chips are 10%-15% fater than Intel's Tiger Lake processors.
Alder Lake was officially announced on October 27, 2021
Alder Lake is replaced by Raptor Lake in 2022.