Shulou(Shulou.com)11/24 Report--

Thanks to CTOnews.com netizens Coje_He and OC_Formula for the clue delivery! CTOnews.com, Oct. 10, earlier this month, an anonymous person released the suspected Intel 12 Core Alder Lake BIOS source code to 4chan and Github, where the 5.97GB file contains tools and code for building and optimizing BIOS / UEFI images.

Now, Intel has issued a statement to foreign media Tom's Hardware confirming that the leaked code is true:

Our proprietary UEFI code appears to have been compromised by a third party. But we don't think this will expose any new security vulnerabilities, because we don't rely on information confusion as a security measure. Previously, this code has been covered in our Project Circuit Breaker vulnerability incentive program and any researchers who may identify potential vulnerabilities are encouraged to participate in the program. We are contacting customers and the security research community to let them know about the situation.

CTOnews.com learned that the computer's BIOS / UEFI is used to initialize the hardware before loading the operating system. Although Intel officially says there are no new vulnerabilities, now that the BIOS / UEFI code has been made public and officially recognized by Intel, some lawbreakers and security researchers will still try to look for potential backdoors and security vulnerabilities, so we still need to be vigilant.

Previously, security researcher Mark Ermolov analyzed the code and found that the secret MSR (model specific register) usually reserved for privileged code, so there may be security problems, as well as a dedicated signature key for Intel Boot Guard, which may invalidate this function. In addition, BootGuard and TXT (Trusted Execution Technology) also show signs of ACM (Authenticated Code Modules, authentication code module), indicating potential problems in the future.

Intel has yet to confirm who leaked the code, where and how. Currently, the GitHub repository of the leaked code has been deleted and there is no sign of blackmail.

A series of recent hacker attacks include RansomHouse's access to AMD's approximately 450GB data and extortion, as well as the infamous "Gigabyte Hack" of AMD, Intel, AMI and Nvidia partner Gigabyte, which resulted in about 112 GB of sensitive data obtained by RansomExx.

In addition, Nvidia was recently attacked by the hacker organization LAPSU$, which led to the theft of more data than 1TB, including some documents and source code for future technology, but the giant fought back with its own hard power, making the stolen data useless.

"Intel Alder Lake source code is suspected to have been leaked, and NVIDIA, AMD and other companies have been attacked by hackers one after another."

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.