Chips giant Intel has confirmed that a source code leak for the UEFI BIOS of Alder Lake CPUs is authentic, raising cybersecurity concerns with researchers.

Alder Lake is the name of Intel’s 12th generation Intel Core processors, released in November 2021.

On Friday, a Twitter user named ‘freak’ posted links to what was said to be the source code for Intel Alder Lake’s UEFI firmware, which they claim was released by 4chan.

The link led to a GitHub repository named ‘ICE_TEA_BIOS’ that was uploaded by a user named ‘LCFCASD.’ This repository contained what was described as the ‘BIOS Code from project C970.’

The leak contains 5.97 GB of files, source code, private keys, change logs, and compilation tools, with the latest timestamp on the files being 9/30/22, likely when a hacker or insider copied the data.

Buy Me A Coffee

The leaked source code also contains numerous references to Lenovo, including code for integrations with ‘Lenovo String Service’, ‘Lenovo Secure Suite’, and ‘Lenovo Cloud Service.’

At this time, it is unclear whether the source code was stolen during a cyberattack or leaked by an insider.

However, Intel has confirmed to Tom’s Hardware that the source code is authentic and is its “proprietary UEFI code.”

“Our proprietary UEFI code appears to have been leaked by a third party. We do not believe this exposes any new security vulnerabilities as we do not rely on obfuscation of information as a security measure. This code is covered under our bug bounty program within the Project Circuit Breaker campaign, and we encourage any researchers who may identify potential vulnerabilities to bring them our attention through this program. We are reaching out to both customers and the security research community to keep them informed of this situation.” – Intel spokesperson.

Chinese Hackers Breach Over 20,000 FortiGate Systems Worldwide in Extensive Cyber Espionage Campaign