Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Lenovo. Show all posts

Leak of BIOS Source Code Confirmed by Intel


The authenticity of the suspected leak of Intel's Alder Lake BIOS source code has been established, potentially posing a cybersecurity risk to users.

Alder Lake, the firm's 12th generation processor, which debuted in November 2021, is coded for the Unified Extensible Firmware Interface (UEFI) in the released documentation.

The breach, according to an Intel statement provided to Tom's Hardware, does not "reveal any new vulnerabilities since we do not rely on encryption of information as a defense policy."Additionally, it is urging other members of the security research community to use its bug bounty program to submit any potential problems, and it is also alerting customers about the situation.

The 5.97 GB of files, source code, secret keys, patch logs, and compilation tools in the breach have the most recent timestamp of 9/30/22, indicating that a hacker or insider downloaded the data time. Several references to Lenovo may also be found in the leaked source code, including code for 'Lenovo String Service,' 'Lenovo Secure Suite,' and Lenovo Cloud Service integrations.

Tom's Hardware, however, has received confirmation from Intel that such source code is real and is its "exclusive UEFI code."

Sam Linford, vice president of Deep Instinct's EMEA Channels, said: "Source code theft is a very serious possibility for enterprises since it may lead to cyber-attacks. Because source code is a piece of a company's intellectual property, it is extremely valuable to cybercriminals."

This year, there have been multiple instances where an organization's source code was exposed. The password manager LastPass disclosed that some of its source code had been stolen in August 2022, and Rockstar Games' Grand Theft Auto 5 and the Grand Theft Auto 6 version's source code was stolen in September 2022.

Older Lenovo users uninstall Solution Center soon

Owners of older Lenovo laptops need to uninstall the Lenovo Solution Center as soon as possible. 

Security researchers at Pen Test Partners found a critical vulnerability in the Lenovo Solution Center that could hand admin privileges over to hackers or malware.

According to Pen Test Partners, the flaw is a discretionary access control list (DACL) overwrite, which means a low-privileged user can sneak into a sensitive file by exploiting a high-privileged process. This is an example of a "privileged escalation" attack in which a bug can be used to gain access to resources that are normally only accessible to admins.

In this case, an attacker could write a pseudo-file (called a hard link file) that, when run by Lenovo Solution Center, would access sensitive files it otherwise shouldn't be allowed to reach. From there, damaging code could be executed on the system with administrator or system privileges, which is basically game over, as Pen Test Partners notes.

Lenovo Solution Center is a program that was preinstalled on Lenovo laptops from 2011 up until November 2018, which means millions of devices could be affected. Ironically, the program's purpose is to monitor the health and security of a Lenovo PC. While this flaw isn't such a big concern for individual users who can quickly protect their systems, larger companies who own a fleet of older ThinkPad laptops and use legacy software might be slow to react.

For its part, Lenovo published a security statement warning users about the bug and urging them to uninstall Solution Center, which the company no longer supports.

"A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. Lenovo ended support for Lenovo Solution Center and recommended that customers migrate to Lenovo Vantage or Lenovo Diagnostics in April 2018," reads the statement.