- Upgrade to Microsoft Office Pro and Windows 11 Pro with this bundle for 87% off
- Get 3 months of Xbox Game Pass Ultimate for 28% off
- Buy a Microsoft Project Pro or Microsoft Visio Pro license for just $18 with this deal
- How I optimized the cheapest 98-inch TV available to look and sound incredible (and it's $1,000 off)
- The best blood pressure watches of 2024
Intel Confirms Source Code Leak
Intel has confirmed that the alleged leak of its Alder Lake BIOS source code is authentic, potentially raising cybersecurity risks for customers.
Last week, the firm’s BIOS/UEFI code was apparently posted on 4chan and Github in a repository named ‘ICE_TEA_BIOS.’ This repository contains 5.97 GB of files, source code, private keys, change logs and compilation tools.
In a statement to Tom’s Hardware, an Intel spokesperson said: “Our proprietary UEFI code appears to have been leaked by a third party. We do not believe this exposes any new security vulnerabilities as we do not rely on obfuscation of information as a security measure. This code is covered under our bug bounty program within the Project Circuit Breaker campaign, and we encourage any researchers who may identify potential vulnerabilities to bring them our attention through this program. We are reaching out to both customers and the security research community to keep them informed of this situation.”
It is currently unclear how the source code was accessed, and who was responsible.
The leak relates to Intel’s 12th generation Intel Core processors, released in November 2021. Despite Intel’s reassurances, the leak could pose a security risk for customers, making it easier for cyber-criminals to discover vulnerabilities in the product.
Sam Linford, vice president of EMEA Channels at Deep Instinct, commented: “The theft of source code is an extremely scary prospect for organizations and can open the door to cyber-attacks. Source code holds massive value to cyber-criminals as it is part of a company’s intellectual property.
“Cyber-criminals are always looking for new techniques or vulnerabilities in order to catch security teams off guard. Incidents like this, where stolen source code could be used to launch cyber-attacks, shows us that it is crucial that we start looking towards a prevention-first mindset.”
There have been numerous incidents of an organization’s source code being leaked this year. In August 2022, password management firm LastPass revealed that portions of its source code were stolen, and in September 2022, a hacker stole source code for Grand Theft Auto 5 and the in-development version of Grand Theft Auto 6 from gaming giant Rockstar Games.