CloudSEK has discovered a data leak that contains the internal data of Intel. The database includes schematics of various processor lines, release notes, NDA agreements and licenses, and internal debugging tools and binaries.
Discovery of the leakCloudSEK researchers discovered a magnet link to the archive which was announced on Twitter by user Tillie Kottman (@deletescape). This account has then been suspended, following the incident. The size of the database as mentioned in the tweet is “20+ GB.” However, the actual size of the records is ~90GB.
The contents of the leakThe sample records contain:
- Kabylake BIOS reference code and sample code, initialization code
- Intel Consumer Electronics Firmware Development Kit sources
- Silicon/ FSP source code packages for various platforms
- Various Intel development and debugging tools
- Simics simulation for Rocket Lake S and potentially other platforms
- Various roadmaps and other documents
- Intel’s binaries for SpaceX camera drivers
- Schematics, documents, tools, and firmware data related to the unreleased Tiger Lake platform
- Kabylake FDK training videos
- Intel Trace Hub and decoder files for various Intel ME versions
- Sample code for Elkhart Lake Silicon Reference and Platform
- Debug BIOS/TXE builds for various platforms
- Bootguard SDK
- Intel Snowridge/ Snowfish process simulator ADK
- Intel marketing material templates (InDesign)
- Apollo Lake Intel(R) TXE 18.104.22.1681_MR
- APS Software
- Lakefield Pets
Data verification and validationWe were able to confirm the leaked files using the magnet link.
- Threat actors use internal tools to debug the existing hardware systems and codes.
- The disclosure of schematics could allow attackers to target the hardware.
- Threat actors will be able to conduct further analysis using the published firmware details.
Next stepsRecommendations for affected users:
- Pay attention to the vendor’s response for updates.
- Don’t open unsolicited email attachments and links, claiming to be from the vendor.
- Use strong passwords wherever necessary and avoid password reuse.
- Verify access/ permission granted to applications.