September 30, 2020

Intel leaked 20GB of source code and internal documents

2 min read

Yesterday, hackers announced on Twitter that they had obtained confidential data from Intel, including Intel’s large source code and internal documentation.

The data totaled 20GB, but the hacker did not disclose how it was leaked. The hacker stated that the data even contained the firmware code for the old Intel processor.

These source-code data regarding product security are therefore regarded as particularly confidential by Intel. After being leaked, hackers may discover security vulnerabilities or even launch attacks.

In response to a request for comment from media, Intel said that after the company’s engineering team confirmed that the data currently exposed on the Internet is indeed Intel’s confidential data.

Intel microcode license

These data are provided to Intel internal and Intel partners, for example, partners can write adapted firmware through documents or codes.

Including some code and sample leaks of Intel KabyLake processor and Intel ME management platform, as well as a large number of debugging tools used internally by Intel.

The reason for the data leakage is the improper configuration on some Intel servers, which allows hackers to use a very simple method to steal these data.

Intel stated that these data are actually provided to Intel internal engineers and external partner engineers, and there are relatively many people who have access to the data.

It is precisely in this way that many documents in the leaked data are encrypted with simple weak passwords. It is possible that the passwords are provided to engineers as semi-public.

Intel officials did not explain how the data was leaked, so it is not known whether it is a server configuration problem. Intel said it still needs time to investigate.

Via: ZDNet