Earlier this week, information appeared online suggesting that the source code for Intel’s Alder Lake desktop processors had been stolen and published online. – This was clearly quite an alarming piece of news as source code is an exceptionally sensitive piece of information which, in the wrong hands, could potentially lead to new security exploits being found.
At the time of the leak, however, it was unclear as to exactly what had been stolen with some sources suggesting that it may have contained the source code for BIOS/UEFI, while others went further suggesting that it also held the source code for the actual processor chipsets. – Following a report via TechPowerUp, however, Intel has formally confirmed the bad news that the former has indeed been stolen. On the plus side, however, it doesn’t appear that the latter is an issue, and more so, nothing currently in the wild should represent any kind of security risk to users!
Intel has started by saying that while the source code for UEFI/BIOS has been stolen, they do not believe that it contains anything which should represent a security risk. In fact, they are so confident of this that with it now technically in the public hands, they’re openly encouraging people (as part of their bug bounty program) to actually attempt to find security flaws with it! – And if you do, you’ll get paid for it!
“Our proprietary UEFI code appears to have been leaked by a third party. We do not believe this exposes any new security vulnerabilities as we do not rely on obfuscation of information as a security measure. This code is covered under our bug bounty program within the Project Circuit Breaker campaign, and we encourage any researchers who may identify potential vulnerabilities to bring them our attention through this program. We are reaching out to both customers and the security research community to keep them informed of this situation.”
Overall, I actually have to applaud Intel for taking this approach. They can’t, after all, put the genie back in the bottle and it clearly achieves a lot more by asking the community to try and find bugs with it (for which they’ll get an actual monetary reward) rather than by attempting to downplay or hush the matter up.
So, for those white hat hackers among you, the gauntlet has been set down. – Oh, and in regards to the source, Intel hasn’t said anything one way or the other but Lenovo does still appear to be the prime ‘third-party’ culprit!
What do you think? – Let us know in the comments!
As Computex 2024 approaches, the tech industry buzzes with anticipation for a series of high-profile…
MSI, a key player in the graphics card market, appears to be shifting its focus…
TeamGroup has once again proven its prowess in the field of memory product innovation by…
Konami's eFootball has reached a staggering 750 million downloads worldwide. This milestone comes as the…
Just a few hours after its release on Steam alone Manor Lords has already managed…
FORTY YEARS OF WRESTLEMANIA WrestleMania is the biggest event in sports entertainment, where Superstars become…