BIOS source code for 12th generation Intel Core processors is available on the Internet, raising concerns about future platform security
Poised to launch its new generation of Intel Core processors, Raptor Lake, later this month, Intel has encountered a potentially serious security issue affecting the latest generation of its popular desktop and laptop CPUs. Source code for the UEFI BIOS of the 12th Gen Intel Core processors, known as Alder Lake and released in November 2021, has been leaked online and confirmed to be legitimate by Intel.
Last Friday, Tom’s Hardware reported that links to the source code of the UEFI BIOS for the 12th generation of Intel Core processors had been published on the 4chan forum. A copy of the files was also published in a GitHub repository named “ICE_TEA_BIOS”, with the description “BIOS Code from project C970”; the repository has since been removed.
The download, consisting of a 2.8 Gb file that reaches 5.56 GB uncompressed, contains the source code, private keys, change logs and compilation tools that allow creating and optimizing a BIOS for the platform.
A BIOS is the basic system of a computer that checks and boots the hardware before the operating system can load and includes security components such as the TPM (Trusted Platform Module) on the motherboard.
Now that the code has leaked, both cybercriminals and security researchers can study it to find vulnerabilities that allow them to circumvent the security mechanisms of computers with 12th generation Intel Core processors.
Intel has confirmed the published information to the media, stating that “our proprietary UEFI code appears to have been leaked by a third party. We do not believe this will expose any new security vulnerabilities, as we do not rely on information obfuscation as a security measure. This code is covered by our Project Circuit Breaker bug bounty program [which awards up to $100,000 to those who discover security flaws in Intel platforms] and we encourage any researcher who can identify potential vulnerabilities to contact us through this program. We are reaching out to both customers and the security research community to keep them informed about this situation.”
By “information obfuscation”, Intel refers to the data-masking security method of making changes to the code to hide sensitive information; the statement suggests that such information is not in the code and cannot be extracted.
The “third party” that Intel refers to would be the BIOS developer Insyde Software Corp, to which there are multiple references in the leak and which provides BIOS firmware to PC builders and works with, among others, Lenovo. Other services of the latter company have also been found, such as Lenovo Cloud Service or Lenovo Secure Suite. According to Tom’s Hardware, the GitHub repository with the source code was created by an employee of LC Future Center, a Chinese company that makes laptops for other brands, including Lenovo.
Intel has played down the risks of the leak, but some voices in the cybersecurity world have warned that it could help cybercriminals find vulnerabilities in Alder Lake processors. According to Bleeping Computer, the hardware security company Hardened Vault has pointed out that “The attacker or bug hunter can greatly benefit from leaks even if the leaked implementation is only partially used in production. Insyde BIOS can help security researchers and bug hunters (and attackers) find vulnerabilities and easily understand the result of reverse engineering, adding to the long-term high risk to users.”
Mark Ermolov, a researcher at Positive Technologies, has pointed out that the leak includes a private key used to protect Intel Boot Guard, the functionality responsible for preventing the boot of firmware that does not come from the system manufacturer. If it is a valid key for equipment already on the market, it could allow an attacker to bypass the security of the system.