Intel hacked, first wave of stolen chip data released in 20GB dump
A hacker has released 20GB of confidential chip engineering data stolen from Intel, with the data made available potentially leading to new zero-day threats for users across multiple platforms.
Intel hacked, first wave of data dumped in 20GB package
The hacker linked to a post on secret messaging platform, Telegram, detailing the contents of the leak and a Mega file attached at the bottom. While the contents are harmless on their own, they contain BIOS information and source code of proprietary Intel technology that could be used in building malware.
Billing it as "Intel exconfidential Lake," the hacker claims the data has not been published anywhere and much of the information is under strict NDA. The data was allegedly acquired by an anonymous source who breached Intel earlier in 2020.
The following list was provided as a partial overview of the 20GB file:
While likely useless, the fact that the camera drivers made for SpaceX are within the breach shows the breadth of data being sourced.
Password protected documents seem to be lacking any security too, as they have the password "intel123" or "Intel123," which are too easily guessed for what are considered "highly confidential documents."
As it is with any malware, it must be installed to the computer in order to attack. If any such malware is created by this, users will have to willingly bypass the security protocols built into macOS. Some attacks can be hidden within files or physical drives, so always be aware of where your hardware or software is coming from.
For now, there is no evidence of any exploits actively in the wild as a result of the database.
Apple Silicon will replace Intel processors over the next two years
Apple has announced its intent to move the entire Mac line to Apple Silicon within the next two years. This move was prompted by Intel's inability to keep up with market demand for smaller processes, but also apparently stemming from security issues as well.
Apple builds their devices from the ground up for security and privacy across the board. Apple has never suffered a large scale data breach or malware attack related to their custom processors. Expect the first Mac with Apple Silicon to ship by the end of 2020.
Intel hacked, first wave of data dumped in 20GB package
The hacker linked to a post on secret messaging platform, Telegram, detailing the contents of the leak and a Mega file attached at the bottom. While the contents are harmless on their own, they contain BIOS information and source code of proprietary Intel technology that could be used in building malware.
Billing it as "Intel exconfidential Lake," the hacker claims the data has not been published anywhere and much of the information is under strict NDA. The data was allegedly acquired by an anonymous source who breached Intel earlier in 2020.
Intel exconfidential Lake Platform Release
This is the first 20gb release in a series of large Intel leaks.
Most of the things here have NOT been published ANYWHERE before and are classified as confidential, under NDA or Intel Restricted Secret. pic.twitter.com/KE708HCIqu-- Tillie 1312 Kottmann #BLM (@deletescape)
The following list was provided as a partial overview of the 20GB file:
- Intel ME Bringup guides + (flash) tooling + samples for various platforms
- Kabylake (Purley Platform) BIOS Reference Code and Sample Code + Initialization code (some of it as exported git repos with full history)
- Intel CEFDK (Consumer Electronics Firmware Development Kit (Bootloader stuff)) SOURCES
- Silicon / FSP source code packages for various platforms
- Various Intel Development and Debugging Tools
- Simics Simulation for Rocket Lake S and potentially other platforms
- Various roadmaps and other documents
- Binaries for Camera drivers Intel made for SpaceX
- Schematics, Docs, Tools + Firmware for the unreleased Tiger Lake platform
- (very horrible) Kabylake FDK training videos
- Intel Trace Hub + decoder files for various Intel ME versions
- Elkhart Lake Silicon Reference and Platform Sample Code
- Some Verilog stuff for various Xeon Platforms, unsure what it is exactly.
- Debug BIOS/TXE builds for various Platforms
- Bootguard SDK (encrypted zip)
- Intel Snowridge / Snowfish Process Simulator ADK
- Various schematics
- Intel Marketing Material Templates (InDesign)
While likely useless, the fact that the camera drivers made for SpaceX are within the breach shows the breadth of data being sourced.
Password protected documents seem to be lacking any security too, as they have the password "intel123" or "Intel123," which are too easily guessed for what are considered "highly confidential documents."
What this means for Mac users
These leaked documents are harmless on their own. The files are out there though, and bad actors will definitely be scraping through to find any useful vulnerability to attack.As it is with any malware, it must be installed to the computer in order to attack. If any such malware is created by this, users will have to willingly bypass the security protocols built into macOS. Some attacks can be hidden within files or physical drives, so always be aware of where your hardware or software is coming from.
For now, there is no evidence of any exploits actively in the wild as a result of the database.
Apple Silicon will replace Intel processors over the next two years
Apple has announced its intent to move the entire Mac line to Apple Silicon within the next two years. This move was prompted by Intel's inability to keep up with market demand for smaller processes, but also apparently stemming from security issues as well.
Apple builds their devices from the ground up for security and privacy across the board. Apple has never suffered a large scale data breach or malware attack related to their custom processors. Expect the first Mac with Apple Silicon to ship by the end of 2020.
Comments
And if China is behind this, it’s as good as a declaration of war.
No, even if China is behind it, which nis very unlikely, it is not “as good as a declaration of war”. It would be bad, but let’s not let the hysteria lead to something that gets people killed.
The leaker may be easily caught because the intersection of the groups that worked on each of those projects will point back to a small number of people... 3 at best, and 1 "development partner."
You mean in ANDROID devices. The NSA has not gotten their dirty hands into Apple products.
I'd love to see the evidence.
Can I see some proof that the NSA has installed hardware or software into Apple products?
It's an open "secret" that the NSA is working with android. The NSA and Google acknowlege it openly. But no one gives a sh** unless it involves Apple.
https://www.computerworld.com/article/2501454/nsa-releases-security-enhanced-version-of-android.html
https://www.androidauthority.com/nsa-android-code-239118/
https://www.sfgate.com/tech/article/NSA-refining-Google-s-code-for-Android-system-4663940.php
"And since companies aren’t allowed to disclose NSA infiltration how are you to be sure?"
Links above.
The "Apple probably does too!" argument is invalid to me.
Ugh, darn, this totally sucks! Also, we totally had nothing to do with this leak, I mean, even though it would be a great cover for the fact that the company is quickly becoming obsolete, and even better cover for the fact that we’ve been supplying backdoors for a price for years, I mean *if* we’d been supplying them. Anyway, it definitely wasn’t us. Oh, and can we have a bailout?
“Deserves it! I daresay he does. Many that live deserve death. And some that die deserve life. Can you give it to them? Then do not be too eager to deal out death in judgement. For even the very wise cannot see all ends.”
― J.R.R. Tolkien, The Fellowship of the Ring
I asked for proof, not an excuse to give Android a pass.
"Security enhancement" by the NSA. Hahaha.
All I ask for is proof. I have yet to see the NSA's hands in Apple devices. Android opened it's legs for the NSA, while the government in general hates Apple for being closed.