An unknown particular person has purportedly leaked the supply code for Intel’s Alder Lake BIOS onto 4chan, and a replica copy now seems to be posted to GitHub. The information are contained in a 2.8 GB zip file that expands to five.86 GB after decompression, however we have not been in a position to confirm if the contents therein are real and really comprise delicate supply code.
Information of the purported leak comes through Twitter postings from @glowingfreak and @vxunderground. We’ve reached out to Intel for remark.
The supply code to the Intel Alder Lake has been leaked on-line.* Alder Lake CPU was launched November 4, 2021* Supply code is 2.8GB (compressed)* Leak (allegedly) from 4chan* We’ve not reviewed the whole thing of the code base, it’s hugeOctober 8, 2022
The file seems to comprise a plethora of information and instruments geared for constructing a BIOS/UEFI for Intel’s Alder Lake platform and chipsets. It’s unclear the place the leaker obtained the information, however one of many paperwork does consult with “Lenovo Characteristic Tag Take a look at Data.” A few different clues have additionally emerged through the git log.
Even when the information are confirmed to incorporate delicate materials, it is unclear in the event that they may very well be used to develop exploits — particularly if it was obtained from a supply exterior to Intel. It is simple to think about that almost all motherboard distributors and OEMs would have related instruments and knowledge out there to construct firmware for Intel platforms, and Intel would doubtless scrub any overly-sensitive materials earlier than releasing it to exterior distributors. That mentioned, any delicate materials within the arms of nefarious actors isn’t good, and small bits of data can result in massive vulnerabilities. Particularly if it pertains to security measures just like the TPM (Trusted Platform Module).
Whereas we do not understand how the information had been obtained, latest hacks have focused exterior distributors to steal data from semiconductor producers not directly, thus enabling ransom makes an attempt.
The spate of latest assaults consists of an try by RansomHouse to extort AMD after it obtained 56GB of knowledge. AMD companion Gigabyte additionally had 112 GB of delicate information stolen within the notorious ‘Gigabyte Hack,’ however AMD refused to pay the ransom for the latter hack. Because of this, details about AMD’s forthcoming Zen 4 processors was divulged earlier than launch, which later proved real.
Nvidia additionally suffered a latest assault that resulted within the theft of 1TB of its information, however the GPU-making big retaliated with its personal operations to render the stolen information ineffective.
We do not know additional particulars in regards to the purported Intel leak, however we’re engaged on studying extra from the corporate. We’ll replace as needed.