IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Intel Alder Lake chips safe from novel exploits following source code leak, experts say

The mystery surrounding how the code was leaked is a more interesting story, experts told IT Pro, despite others branding the incident "scary"

Experts have assured that the confirmed leak of Intel's Alder Lake source code will 'most likely' not lead to any meaningful adverse impact on the security of its products, despite others branding the leak as a "scary" prospect.

According to experts who spoke to IT Pro, attackers would need access to other components to have a substantial chance of developing harmful exploits and also be able to bypass the existing protections that Intel has in place.

Related Resource

The trusted data centre and storage infrastructure

Invest in infrastructure modernisation to drive improved outcomes

Whitepaper cover with image of female sat on floor with laptop on her knee leaning against a serverFree Download

"It is unlikely that viewing software code alone will cause a subsequent cyber security incident," said John Goodacre, director at the UKRI’s Digital Security by Design challenge and professor of Computer Architectures at Manchester University. "Much of the UEFI source code is already open source and available for third-party use and inspection.

"Proprietary initialisation and configuration code can make it easier to understand potential attack vectors, but with appropriate hardware protection such as a root of trust, trusted execution environments and other security by design features in the implementation would mean it is no less secure unless production keys are also exposed."

Others echoed Goodacre's position that the industry nor Intel customers should be alarmed. Martin Jartelius, chief security officer at Outpost24, said the way in which the data had come to be leaked is substantially more interesting than the contents of the leak itself. 

“There is no need to be alarmed by this data leak in and of itself, if you are a user of this technology," he said. "There is, however, more concern that either someone working in relation to hardware either had their repository or system breached, or are themselves careless with the information they process on behalf of others. Where this leak happened and why, to me, is substantially more of interest for us as a community than the code.”

At time of writing, no verifiable source for the files has come forward and therefore few conclusions on operational security can be drawn from the leak but it's certain that Intel will be investigating the incident closely.

The news sparked an initial scare that the leak could lead to the discovery of novel exploits impacting Intel's processors built using its Alder Lake architecture, launched in November 2021.

In theory, attackers with access to a company's source code are able to more easily find novel vulnerabilities in the impacted product by reverse engineering the way in which the code functions.

Sam Linford, VP EMEA channels at Deep Instinct, agreed and added that “the theft of source code is an extremely scary prospect for organisations". Other companies such as Rockstar Games and LastPass have both been victims of source code theft this year. 

The Alder Lake leak

Rumours started circulating on Friday of a potential leak of Intel's Alder Lake source code after a series of links were posted on Twitter via anonymous messaging board 4Chan. The links led to a download of files totalling 5.86GB in size.

The Twitter link led to GitHub a repository titled ‘ICE_TEA_BIOS’ and was last edited on 30 September. This contained a compressed version of the files, but has now been taken down.

"Our proprietary UEFI code appears to have been leaked by a third party,” said an Intel spokesperson to IT Pro, confirming the leak to be genuine. 

“We do not believe this exposes any new security vulnerabilities as we do not rely on obfuscation of information as a security measure. This code is covered under our bug bounty programme within the Project Circuit Breaker campaign, and we encourage any researchers who may identify potential vulnerabilities to bring them our attention through this programme.

"We are reaching out to both customers and the security research community to keep them informed of this situation."

Due to the size of the file repository, security researchers are taking time to determine what critical information might have been exposed by the leak. 

Concerns were immediately raised over the extent to which hackers might be able to utilise Intel’s Alder Lake BIOS source code and it's still unclear whether the files were the subject of a data breach, or whether an insider leak from within Intel or a connected firm was the source.

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download

Recommended

Who needs Intel vPro®, An Intel® Evo™ Design, anyway?
Sponsored

Who needs Intel vPro®, An Intel® Evo™ Design, anyway?

18 Nov 2022
Intel unveils Max Series chip family designed for high performance computing
components

Intel unveils Max Series chip family designed for high performance computing

9 Nov 2022
IT Pro News in Review: Fujitsu quantum computing, IT expenditure forecast, Intel co-invests in new plant
Business strategy

IT Pro News in Review: Fujitsu quantum computing, IT expenditure forecast, Intel co-invests in new plant

26 Aug 2022
Podcast transcript: Solving the semiconductor shortage
components

Podcast transcript: Solving the semiconductor shortage

26 Aug 2022

Most Popular

Empowering employees to truly work anywhere
Sponsored

Empowering employees to truly work anywhere

22 Nov 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

14 Nov 2022