Skip to main content

Intel Alder Lake BIOS source code was leaked — should you be worried?

It’s official — the source code for the Intel Alder Lake BIOS was leaked, and Intel has confirmed it. A total of 6GB of code used for building the BIOS/UEFI source code is now out in the wild, having been posted on GitHub and 4chan.

Intel doesn’t seem too concerned, but security researchers are now hard at work trying to see if this can be used in a malicious way. If you own an Alder Lake CPU, should you be worried?

Related Videos

I can't believe: NDA-ed MSRs, for the newest CPU, what a good day…

— Mark Ermolov (@_markel___) October 8, 2022

News of the leak broke out a couple of days ago when the code was found in a public GitHub repository, as well as shared on 4chan. The 6GB file contains some of the tools and code that Intel has used to build the BIOS/UEFI in its Alder Lake CPUs. Seeing as these are some of the best processors out currently, this could potentially put a lot of Intel’s customers at risk.

The BIOS/UEFI source code is responsible for initializing the hardware even before the operating system has the chance to load. As such, it’s responsible for establishing secure connections to important mechanisms within the computer, such as the Trusted Platform Module (TPM). The BIOS plays an important role in any computer, so it’s certainly not good that the source code for it could now be in the hands of nefarious threat actors.

Initially, it was uncertain whether the leaked file was the real deal, but Intel itself has now confirmed that to be the case. In a statement issued to Tom’s Hardware, Intel said:

“Our proprietary UEFI code appears to have been leaked by a third party. We do not believe this exposes any new security vulnerabilities as we do not rely on obfuscation of information as a security measure. This code is covered under our bug bounty program within the Project Circuit Breaker campaign, and we encourage any researchers who may identify potential vulnerabilities to bring them to our attention through this program. We are reaching out to both customers and the security research community to keep them informed of this situation.”

Intel’s statement implies that the most sensitive data had already been scrubbed from the source code before it was released to external partners. The source code contains many references to Lenovo, including “Lenovo String Service,” “Lenovo Cloud Service,” and “Lenovo Secure Suite.” Bleeping Computer notes that all of the code was developed by Insyde Software Corp.

An Intel Alder Lake Core i5-12600K CPU and its packaging.
Jacob Roach / Digital Trends

While this leak sounds pretty bad, Intel doesn’t seem to be overly concerned — although it’s good that it refers everyone to its bug bounty program. Many security researchers are already looking for cracks in the code, and some of the findings are less optimistic.

Hardware security firm Hardened Vault told Bleeping Computer: “The attacker/bug hunter can hugely benefit from the leaks even if leaked [manufacturer] implementation is only partially used in the production. The Insyde’s solution can help the security researchers, bug hunters, (and the attackers) find the vulnerability and understand the result of reverse engineering easily, which adds up to the long-term high risk to the users.”

Seeing as a KeyManifest private encryption key was found in the leak, it’s possible that hackers could use it to bypass Intel’s hardware security. Even so, it’s still a fairly long shot, so you probably don’t have to be too worried.

In any case, it’s worth it to keep yourself safe with some antivirus software to ensure that no attackers can access your computer, and subsequently, the BIOS.

Editors' Recommendations

AMD might finally beat Intel for the fastest mobile gaming CPU
AMD Ryzen 6000 laptop chip.

AMD's Ryzen 9 7945HX, the mobile flagship for this generation, was just spotted in some early benchmarks. The test results show that AMD might be really competitive in gaming laptops this year.

The CPU outpaced its last-gen equivalents by miles, and it kept up with Intel's best processors despite having far fewer cores.

Read more
AI is coming for your PC games, but you should be excited, not worried
how ai can change destory pc gaming games respec featured

The tech community has been oversaturated with AI this past week, from ChatGPT to Google Bard, but not without reason. We see fads like NFTs and web3 come and go, but AI is here to stay -- even in your PC games.

It's not all doom and gloom, though. AI and machine learning has already proven itself wildly useful in PC gaming, and it has far-reaching implications for how games are made and experienced. I'm not trying to fit a square peg into a round hole here -- and if you stick with me, you'll see why.
How it's being used now

Read more
Voice actors seeing an increasing threat from AI
best podcast apps for android microphone in radio station broadcasting studio

Voice actors are the latest creatives to feel the heat from artificial intelligence (AI).

According to a Motherboard report this week, those providing their voices for content such as ads, gaming titles, and animations have been noticing how clients are increasingly asking them to sign contracts that hand over the rights to their voice so that AI can be used to create a synthetic version.

Read more