Earlier this week, information appeared online suggesting that the source code for Intel’s Alder Lake desktop processors had been stolen and published online. – This was clearly quite an alarming piece of news as source code is an exceptionally sensitive piece of information which, in the wrong hands, could potentially lead to new security exploits being found.
At the time of the leak, however, it was unclear as to exactly what had been stolen with some sources suggesting that it may have contained the source code for BIOS/UEFI, while others went further suggesting that it also held the source code for the actual processor chipsets. – Following report via TechPowerUp, however, Intel has formally confirmed the bad news that the former has indeed been stolen. On the plus side, however, it doesn’t appear that the latter is an issue, and more so, nothing currently in the wild should represent any kind of security risk to users!
Intel has started by saying that while the source code for UEFI/BIOS has been stolen, they do not believe that it contains anything which should represent a security risk. In fact, they are so confident of this that with it now technically in the public hands, they’re openly encouraging people (as part of their bug bounty program) to actually attempt to find security flaws with it! – And if you do, you’ll get paid for it!
“Our proprietary UEFI code appears to have been leaked by a third party. We do not believe this exposes any new security vulnerabilities as we do not rely on obfuscation of information as a security measure. This code is covered under our bug bounty program within the Project Circuit Breaker campaign, and we encourage any researchers who may identify potential vulnerabilities to bring them our attention through this program. We are reaching out to both customers and the security research community to keep them informed of this situation.”
Overall, I actually have to applaud Intel for taking this approach. They can’t, after all, put the genie back in the bottle and it clearly achieves a lot more by asking the community to try and find bugs with it (for which they’ll get an actual monetary reward) rather than by attempting to downplay or hush the matter up.
So, for those white hat hackers among you, the gauntlet has been set down. – Oh, and in regards to the source, Intel hasn’t said anything one way or the other but Lenovo does still appear to be the prime ‘third-party’ culprit!
What do you think? – Let us know in the comments!
be quiet! is one of the leading names for high-performance coolers, with some of the…
Intel has just released the latest version of their Arc GPU Graphics Drivers. Now, while…
PNY GeForce RTX 3060 12GB VERTO™ Dual Fan Ampere Graphics Card The GeForce RTX™ 3060…
Introducing the newest series of Z690 motherboards – ROG Strix Z690-E Gaming WiFi from ASUS.…
ASUS Prime series motherboards are expertly engineered to unleash the full potential of AMD Ryzen…
2TB Samsung 990 PRO PCIe 4.0 NVMe M.2 SSD with Heatsink Reach max performance of…