Chipmaker Intel has confirmed that the source code from its Alder Lake processor has been leaked to the 4Chan community as well as the GitHub code repository. It is the latest in a series of cyberattacks against semiconductor manufacturers this year. Analysts warn that such attacks could have devastating effects on the entire semiconductor supply chain.

Intel confirmed the source code leak after illegal data surfaced on 4Chan and GitHub on Friday. (Photo by Tester128/Shutterstock)

A Twitter user named “Freak” posted links online to what they claim is the source code for the Alder Lake UEFI firmware. This is code that runs before the machine’s operating system to ensure that the computer is working properly. This is fundamental to how the systems work.

Intel has confirmed that the leak is real: “Our proprietary UEFI code appears to have been leaked by a third party,” the company said. “We do not believe this reveals new security vulnerabilities as we do not rely on information obfuscation as a security measure.”

The leak contains 5.97GB of source code, private keys, files, and changelogs. Despite Intel’s assurances that the leak will not pose a risk to those using its products, cybersecurity researchers are not so convinced. “If this source code is public, now anyone can start looking for their own vulnerabilities in this software to exploit in the future,” said Toby Lewis, global head of threat analysis at Darktrace.

Lewis says that now that the data is available, “there’s a risk that something like SolarWinds could happen again.” This 2020 breach compromised IT management software company SolarWinds and led to attacks on the supply chain of many of its customers.

Those with the code could do something similar with the vulnerable Intel chips, Lewis says. Intel had 1.15 trillion shipments of semiconductor modules worldwide in 2021, although Alder Lake represents only a small percentage of them.

Is chip manufacturing a target for cyberattacks?

Analysts say the high demand for semiconductors and the value of the market are attracting the attention of cybercriminals. This year there were eight separate cyberattacks against leading semiconductor companies, according to a report by security company Recorded Future.

There have been attacks against industry giants such as Nvidia, AMD and Samsung, as well as other, lesser-known companies including Ignitarium, Diodes, SilTerra Malaysia, Semikron and Etron Technology.

Stolen files from Taiwanese chipmaker ADATA surfaced on cybercrime gang RansomHouse’s ransomware blog just last week, although the company has now denied that this data is from a recent hack.

The critical nature of chips for many industries means that attacks have the potential to be lucrative for criminals, with manufacturers keen to avoid supply problems. “Semiconductor industry delays or disruptions in the current semiconductor chip shortage situation could have a negative impact on many industries around the world,” explains Jason Steer, global CISO at Recorded Future.

Meanwhile, the intellectual property held by chipmakers could make them a target for state-backed hackers, Recorded Future’s report said. The company’s researchers noted that while none of the cyberattacks against semiconductor companies had a “direct link” to nation-state groups, several affected businesses found “state-sponsored threat actors masquerading as ransomware groups and using at least five ransomware variants—LockFile, AtomSilo, Rook, Night Sky, and Pandora—to perform cyberespionage.”

How can chipmakers protect themselves?

Beyond basic cybersecurity, Sam Curry, CSO at security company Cybereason, says all chipmakers should consider introducing “bug bounty” programs. Many large technology companies run these programs to incentivize hackers to report vulnerabilities they discover in exchange for a fee.

Such threat hunting programs can “root out potential malicious activity long before it becomes a problem,” Curry says. Intel already runs one of these programs, which it expanded earlier this year.

Failing to implement such tactics is particularly dangerous on a global scale, Darktrace’s Lewis warns. Such vital chip manufacturing information in the wrong hands could have dire geopolitical consequences: “The ability to effectively just shut down a country’s entire IT setup at will becomes a really powerful tool as part of any kind of military intervention,” he says.
