By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Intel has confirmed that a source code leak for the UEFI BIOS of Alder Lake CPUs is authentic, raising cybersecurity concerns with researchers. Alder Lake is the name of Intel's 12th generation Intel Core processors, released in November 2021. On Friday, a Twitter user named 'freak' posted links to what was said to be the source code for Intel Alder Lake's UEFI firmware, which they claim was released by 4chan. The link led to a GitHub repository named 'ICE_TEA_BIOS' that was uploaded by a user named 'LCFCASD.' This repository contained what was described as the 'BIOS Code from project C970.' The leak contains 5.97 GB of files, source code, private keys, change logs, and compilation tools, with the latest timestamp on the files being 9/30/22, likely when a hacker or insider copied the data. BleepingComputer has been told that all the source code was developed by Insyde Software Corp, a UEFI system firmware development company. The leaked source code also contains numerous references to Lenovo, including code for integrations with 'Lenovo String Service', 'Lenovo Secure Suite', and 'Lenovo Cloud Service.' At this time, it is unclear whether the source code was stolen during a cyberattack or leaked by an insider. However, Intel has confirmed Tom's Hardware that the source code is authentic and is its "proprietary UEFI code." While Intel has downplayed the security risks of the source code leak, security researchers warn that the contents could make it easier to find vulnerabilities in the code. "The attacker/bug hunter can hugely benefit from the leaks even if leaked OEM implementation is only partially used in the production," explains hardware security firm Hardened Vault. "The Insyde’s solution can help the security researchers, bug hunters (and the attackers) find the vulnerablity and understand the result of reverse engineering easily, which adds up to the long-term high risk to the users." Positive Technologies hardware researcher Mark Ermolov also warned that the leak included a KeyManifest private encryption key, a private key used to secure Intel's Boot Guard platform. Stay informed by visiting OUR FORUM often.