On Thursday, Swiss IT consultant Tillie Kottmann released a batch of confidential Intel technical materials, codes and documents related to various processors and chipsets.
Courtman wrote on Twitter that they were given to me by an anonymous source who hacked them earlier this year. More details on this will be announced soon, suggesting that someone hacked into Intel’s system and stole it. These materials.
An Intel spokesperson said that this information was probably obtained from its Resource And Design Center, which is a private resource library for computer manufacturers and others to build systems using Intel silicon. The center is not open to the public because its content is intended to be used to create firmware and design motherboards compatible with Chipzilla microprocessors.
The first batch of files was distributed via the Mega file sharing link in the Telegram post, and may now have been mirrored elsewhere, weighing about 20 GB. The data dump contains confidential Intel files subject to nondisclosure agreements (nondisclosure agreements), which means that these files should not be shared publicly. We were told that this repository includes the following:
Kaby Lake (Purley Platform) BIOS reference code and sample code + initialization code (some of which are exported as complete history GIT reports).
Kottmann posted some code in the archive on Twitter, such as this code after searching for the backdoor in Intel firmware resources:
To us, this code seems to involve memory error detection and correction. IOH SR 17 may refer to the sticky register 17 in the I/O hub. The I/O hub is part of the Intel chipset and is used by the firmware code.In this context, I suspect that RAS is reliability, availability, and maintainability from mentioning ACPI. It performs memory error detection and correction. IOH SR 17 may refer to the scratch-off register in the I/O hub chipset used by the firmware
-Chris Williams (@diodesign) August 6, 2020.
Through private information, the registry asked Kotman why they released these documents and whether they were worried about taking legal action.
So, I did a lot of leaks and releases, #34; Kotman replied. My overall motivation is to get information for free, I’m just very curious. I also like to expose and observe what you can find in proprietary code (usually scary).
Kottmann said that with hardware-related information, they hope to allow people to use their hardware to the fullest and help security researchers better discover and evaluate potential problems.
I am a little worried about some legal actions this time, because this is the largest release so far, but so far, even for a larger (company) I have no problem, Kotman said, he just shared a few hours ago The source code of the European Intellectual Property Office. Like other leaks, this time it only used poorly configured infrastructure (absolutely ignoring security).
Intel has responded to Tom’s Hardware with an official statement:
“We are investigating this situation. The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data.”
The manufacturer of SonarQube defended the security of DevOps products after blaming the source code leaks on poor configuration.
In a recent interview with The Register, regarding a code dump that exposed the source code of several companies, including Adobe, Microsoft, Qualcomm, and others, Kottmann explained that part of their motivation was to encourage companies not to be careless in security. main idea.
An Intel spokesperson said: We are investigating this situation. This information appears to come from the Intel Resource and Design Center, which hosts the information for use by our customers, partners, and other external parties who have registered for access. We believe that individuals have the right to download and share this data.
If this is the case, it reminds me of the incident in 2017 when the private Windows 10 source code provided by Microsoft for qualified customers, enterprises, governments and partners was leaked on the Internet, and these customers, enterprises, governments and partners used them for debugging and reference purposes. .
This is of course the season of software and hardware leaks. Last month, a large number of internal source codes and designs of Nintendo from early to modern were leaked from a contractor and leaked online. ®.
The source of the allegedly leaked files has explained how they found the material: apparently by scanning the Internet with Nmap and finding an insecure Akamai CDN server hosting Chipzilla files.
Kottmann also said that the files passed to them came from a partner-only design center: as far as I know, the data I have is almost directly obtained from the CDN of the Intel Resource and Design Center.
At the same time, sources familiar with Intel’s investigation told said that the shared files may not be up-to-date because it is not clear when the information was extracted from the center, and today’s dump did not include personal or customer data.
Link (telegram post) – https://t.me/exconfidential/590
P.S. Leaker is the proper guy – Intellectual property does not exist and all information shall be free.