Intel acknowledges Alder Lake leak

By

Invites bounty hunters to comb UEFI code.

Intel has acknowledged that the UEFI code from its Alder Lake 12th-generation processors has been leaked.

Intel acknowledges Alder Lake leak

Claims of the leak emerged over the weekend in the publication Tom’s Hardware, which Intel has confirmed in a statement.

“Our proprietary UEFI code appears to have been leaked by a third party. We do not believe this exposes any new security vulnerabilities as we do not rely on obfuscation of information as a security measure,” Intel said.

Getting on the front foot, Intel made an offer to security researchers: “This code is covered under our bug bounty program within the Project Circuit Breaker campaign, and we encourage any researchers who may identify potential vulnerabilities to bring them our attention through this program.”

Project Circuit Breaker offers bounties up to $US100,000 (A$158,840).

“We are reaching out to both customers and the security research community to keep them informed of this situation,” the company concluded.

The 3GB compressed file posted to 4chan and Github was discussed on Twitter by @VxUnderground and @glowingfreak, who included a link to the Github repository.

Russian security researcher Mark Ermolov of Positive Technologies asserted that the leaked code contained the private signing key for Intel’s Boot Guard technology. 

Ermolov claimed this meant Intel Boot Guard “can no longer be trusted”, since an attacker could sign fake firmware and have it accepted as the real thing.

He also said the leak exposed model-specific registers (MSRs), used for functions like debugging and feature enabling/disabling.

Alder Lake chips first started shipping in desktops and laptops late in 2021.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Eagers Automotive finds unauthorised access to parts of IT systems

Eagers Automotive finds unauthorised access to parts of IT systems

Hackers hit Victoria's court recording database

Hackers hit Victoria's court recording database

St Vincent's Health Australia warns cyber attack forensics could "take some time"

St Vincent's Health Australia warns cyber attack forensics could "take some time"

Yakult Australia confirms cyber incident

Yakult Australia confirms cyber incident

Log In

  |  Forgot your password?