Intel suffers massive data breach involving confidential company and CPU information revealing hardcoded backdoors.

[japers]

 

Summary

 

Intel suffered a massive data breach earlier this year and as of today the first associated data has begun being released. Some users are reporting finding hardcoded backdoors in the intel code.

 

Some of the contents of this first release (There will be further releases)

 

- Intel ME Bringup guides + (flash) tooling + samples for various platforms

- Kabylake (Purley Platform) BIOS Reference Code and Sample Code + Initialization code (some of it as exported git repos with full history)

- Intel CEFDK (Consumer Electronics Firmware Development Kit (Bootloader stuff)) SOURCES

- Silicon / FSP source code packages for various platforms

- Various Intel Development and Debugging Tools - Simics Simulation for Rocket Lake S and potentially other platforms

- Various roadmaps and other documents

- Binaries for Camera drivers Intel made for SpaceX

- Schematics, Docs, Tools + Firmware for the unreleased Tiger Lake platform - (very horrible) Kabylake FDK training videos

- Intel Trace Hub + decoder files for various Intel ME versions

- Elkhart Lake Silicon Reference and Platform Sample Code

- Some Verilog stuff for various Xeon Platforms, unsure what it is exactly.

- Debug BIOS/TXE builds for various Platforms

- Bootguard SDK (encrypted zip)

- Intel Snowridge / Snowfish Process Simulator ADK - Various schematics

- Intel Marketing Material Templates (InDesign)

- Lots of other things

 

 

 

Quotes

 

Quote

Intel exconfidential Lake Platform Release This is the first 20gb release in a series of large Intel leaks. Most of the things here have NOT been published ANYWHERE before and are classified as confidential, under NDA or Intel Restricted Secret.

 

 

My thoughts

 I hope this leads to more understanding about the internals of the Intel ME. Last few years have shown that it’s a tremendous security liability, and the best way to mitigate this is if we all get a better understanding of how it works.

Update: They used the password Intel123. They probably deserved it.

 

Sources (Original tweet and TH link)

https://twitter.com/deletescape/status/1291405688204402689

https://www.tomshardware.com/news/massive-20gb-intel-data-breach-floods-the-internet-mentions-backdoors

[Dutch_Master]

Well, this certainly isn't helping the Lawsuit Intel is in now....

 

AMD laughs in Zen3

[japers]

8 minutes ago, Dutch_Master said:

Well, this certainly isn't helping the Lawsuit Intel is in now....

 

AMD laughs in Zen3

Nobody: 

Dr Su: *Laughs in money*

 

*Aggressively eats popcorn while using AMD Ryzen CPU*

[Dutch_Master]

It's been reported on the Level1 forums as well:

https://forum.level1techs.com/t/yyyuuuuuugggggeee-intel-ip-breach/160363/15

 

The OP there links to a Tom's Hardware source (but I haven't seen it myself, no need for that, TBH)

[japers]

 

 

The Biggest of oofs.

[japers]

2 minutes ago, gabrielcarvfer said:

At least the PDFs are pretty much as expected of any huge company.

Training presentations, product Q&A and certification, release notes, reference schematics and VHDL files used to build them, etc.

Yeah but zips with the password "Intel123" with binaries and initialization code. Thats pretty compromising.

 

You clearly didnt get the joke. We all know intel is plagued with issues.

[Tech_Dreamer]

2020 hasnt been good to intel either.

[Mateyyy]

[japers]

2 minutes ago, gabrielcarvfer said:

Couldn't find anything relevant or damaging to them. People are kicking a dead horse just for the sake of it.

This is release 1 and it contains confidential NDA code. Its NDA for a reason...

Even if its just trade secrets its damaging and their stock price will likely show it.

[spartaman64]

thonking

 

[japers]

3 minutes ago, spartaman64 said:

<snip>

thonking

 

Lets wait and see what the other releases reveal. It would make sense that this first release is less damaging.

 

[gloop]

2 minutes ago, spartaman64 said:

 

 

if this is legit, than the leaker just made the biggest f*cking fool of himself lmao

[japers]

1 minute ago, gloop said:

if this is legit, than the leaker just made the biggest f*cking fool of himself lmao

True but if you search the code there are various backdoors in there so its somewhat interesting still.

[japers]

5 minutes ago, gabrielcarvfer said:

That is not important as it can't be weaponized against them. Remember AMD? Probably not.

<snip>

 

Id wait and see what happens before making the call. Ill update the post as the leaks continue.

[PlayStation 2]

The good ol' mentality of "corporation bad, other corporation good" is really showing through with this forum yet again.

On a more relevant note, I'm kinda amazed at the password (singular) they used for the archive.

[spartaman64]

1 minute ago, handymanshandle said:

The good ol' mentality of "corporation bad, other corporation good" is really showing through with this forum yet again.

On a more relevant note, I'm kinda amazed at the password (singular) they used for the archive.

corporation with a monopolistic position for years bad. underdog corporation good

[spartaman64]

8 minutes ago, gloop said:

if this is legit, than the leaker just made the biggest f*cking fool of himself lmao

i mean its still juicy NDA stuff but not as ground shaking if this is true

[gloop]

Just now, spartaman64 said:

i mean its still juicy NDA stuff but not as ground shaking if this is true

yeah, but the amount of coverage this is getting is insane if 90% of it is already available to the public.

[japers]

1 minute ago, gloop said:

yeah, but the amount of coverage this is getting is insane if 90% of it is already available to the public.

Original tweet says none of this has ever been posted before

[spartaman64]

3 minutes ago, gloop said:

yeah, but the amount of coverage this is getting is insane if 90% of it is already available to the public.

but thinking about it its sort of weird if that is true. why is intel including space x camera driver binaries in files sent to some customer unless the customer they are talking about is space x

[aisle9]

Isn't this literally exactly what that guy posted here a couple hours ago? I thought about downloading it, actually started the download twice, but a 20GB zip file full of smaller ZIP and 7z files from Mega just...I'd rather dip my junk in a herpes farm than risk that.

[RejZoR]

2020 is a really shit year and especially for Intel...

[Guest]

1 minute ago, BlueScope819 said:

Okay, so at the end of the day, what does this mean for the security of your everyday user using an Intel CPU?

Not a damn thing lol.

[Falkentyne]

31 minutes ago, aisle9 said:

Isn't this literally exactly what that guy posted here a couple hours ago? I thought about downloading it, actually started the download twice, but a 20GB zip file full of smaller ZIP and 7z files from Mega just...I'd rather dip my junk in a herpes farm than risk that.

You can just get some of the files separately.  The "Big zip" is the entire archive.

I grabbed the IME stuff and it's just a bunch of somewhat recent ME firmware, with some strange documentation.

 

There was a completely USELESS VRM tool, which would tell you (via booting to EFI) if your bios VRM settings were correct (I'm talking about stuff like PS Current Threshold 1, 2, 3, for values of 20, 5 and 1 amp (raw values of 80, 20 and 4) and AC/DC Loadlines and VRM limits, and this seems to be for an exact particular laptop or some test system brand, as most desktops don't even have access to most of these settings (except the AC/DC Loadlines).

[japers]

1 hour ago, gabrielcarvfer said:

The files are available to the "public" it is intended for a.k.a. partners.

You dont know this as fact. Its just what intels PR team are saying. As i said stop jumping the gun and wait to see the other tens of GB of leaks when they come out. The guy that leaked it is fairly well versed in leaking source code and the like.