Thursday, August 6th 2020

Intel Hit by a Devastating Data Breach, Chip Designs, Code, Possible Backdoors Leaked

by
btarunr
 Discuss (151 Comments)
Intel on Thursday was hit by a massive data-breach, with someone on Twitter posting links to an archive that contains the dump of the breach - a 20-gigabyte treasure chest that includes - but not limited to - Intel Management Engine bringup guides, flashing tools, samples; source code of Consumer Electronics Firmware Development Kit (CEFDK); silicon and FSP source packages for various platforms; an assortment of development and debugging tools; Simics simulation for "Rocket Lake S" and other platforms; a wealth of roadmaps and other documents; shcematics, documents, tools, and firmware for "Tiger Lake," Intel Trace Hub + decoder files for various Intel ME versions; "Elkhart Lake" silicon reference and sample code; Bootguard SDK, "Snow Ridge" simulator; design schematics of various products; etc.

The most fascinating part of the leak is the person points to the possibility of Intel laying backdoors in its code and designs - a very tinfoil hat though likely possibility in the post-9/11 world. Intel in a comment to Tom's Hardware denied that its security apparatus had been compromised, and instead blamed someone with access to this information for downloading the data. "We are investigating this situation. The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data," a company spox said.
Source: Tom's Hardware

Related News

Add your own comment

151 Comments on Intel Hit by a Devastating Data Breach, Chip Designs, Code, Possible Backdoors Leaked

#26
Mussels
Freshwater Moderator
god i hope you're trolling
Posted on Reply
#27
ratirt
With all due respect sir but this is slightly over the board. It's a data breach not a battle between good and evil.
Posted on Reply
#28
john_
AMD should donate them a few EPYC servers to improve their security.
Posted on Reply
#29
Mussels
Freshwater Moderator
No thanks, i think you may be lost as to what century this is. The year is 2020, it mostly sucks, the bible and its plagiarized fictions are uninvolved in the human stupidity of someone setting a password as dumb as Intel123 on 'secure' files.

Edit: its less clear now, but this was a reply to someones low quality 'hidden' post
Posted on Reply
#30
Calmmo
MusselsNo thanks, i think you may be lost as to what century this is. The year is 2020, it mostly sucks, the bible and its plagiarized fictions are uninvolved in the human stupidity of someone setting a password as dumb as Intel123 on 'secure' files.
Intel123, the new but this time real 666
Posted on Reply
#31
ilyon
"The walls are crying." Unikitty
Posted on Reply
#32
Mussels
Freshwater Moderator
Oh and for context other outlets reported the passwords literally were Intel123 and intel123, hence my comments
Posted on Reply
#34
lexluthermiester
There are serious problems with engineering "backdoors" into software and hardware.

The first is hackers. They are always looking for that next sweet magic exploit and when one is found...

The second is liability. No company wants to be liable for the PR shit-storm and legal nightmare, not to mention that not all governments play nice together and so on.

The idea of officially deliberate backdoors is sheer lunacy. Now the idea of "accidental" or "unintentional" backdoors "engineered" into software/hardware by government operatives embedded within Intel... Far more plausible... And very difficult to prove...
Posted on Reply
#35
efikkan
CrackongThe poster encourages downloaders to look for mentions of 'backdoors' in some of the Intel source code, and even provides a sample clip of one such listing, but we aren't sure of the intentions behind the listings in the code.

=========================

Are Intel engineers really that dump and marked "backdoors" in the actual code ?
Adding backdoors is inherently stupid, as they are bound to get leaked or figured out some day. But who would be stupid enough to mark it in the source code? Thousands of engineers will see this code over the years, who would trust all of them to keep a big secret like this?

And why is the poster encouraging people to look for mentions of "backdoors" in the code? Exactly how many seconds does it take to search for that string?
watzupkenThis leak is likely going to give Intel more headaches with security going forward.
Why?
Anything relying on obscurity is not secure in the first place.
ratirtThis stuff proves there is something seriously wrong with Intel. Maybe after all of this some changes are in order? I surely hope so.
What precisely proves what specifically?
The fact that something got leaked, or something in the leak?

I'm actually surprised this doesn't happen all the time. With thousands of engineers working on specs and code, it's impossible to keep full control over the data without hampering development.

-----

I thought I'd seen it all, but apparently a thread about Intel can even descend into misquoting scripture and the end of times. I don't know where TPU draws the line on blasphemy, but this might be threading into dangerous territories.
Posted on Reply
#36
SIGSEGV
No wonder jim keller left intel. He feels insecure working at Intel. :)
Posted on Reply
#37
W1zzard
chodaboy19Are these just tools used by intel partners to develop products that work with intel cpus/chipsets, etc?
Yup looks similar to what i see with my gpuz developer nda
Posted on Reply
#38
aQi
mtcn77Because they are Porsche fans? Porsche's come with the engine bay at the back.
Intel 10900KSP (P for Porsche edition)
Kohl BaasWhy would that be a question? Seriously, backdoors are planted to ease the access to systems/data held by owners who don't want access to their systems/data by others. And 9/11 suggest it has to do with counter-terrorism instead of commercial/industrial espionage. Correct me if I'm wrong, but wasn't one of the biggest hits of Snowden the proof that NSA was involved in industrial espionage against private companies of "ally" nations in favour of american companies?
I have no idea about that. Backdoor entries may be vulnerable to everyone then
Posted on Reply
#39
mtcn77
Aqeel ShahzadIntel 10900KSP (P for Porsche edition)
Porsche invented this underboost-turbo combination with gt2, that maybe are targetted for r&d at Intel.
Posted on Reply
#40
Chrispy_
*GASP*

I never saw this coming!
Posted on Reply
#41
R-T-B
Kohl BaasWhy would that be a question? Seriously, backdoors are planted to ease the access to systems/data held by owners who don't want access to their systems/data by others. And 9/11 suggest it has to do with counter-terrorism instead of commercial/industrial espionage. Correct me if I'm wrong, but wasn't one of the biggest hits of Snowden the proof that NSA was involved in industrial espionage against private companies of "ally" nations in favour of american companies?
If there is a backdoor, bingo. Counterterrorism claims is what got the bill signed.
W1zzardYup looks similar to what i see with my gpuz developer nda
About my take away from it too. Someone wants to make this a lot more than it is, and is succeeding.
Posted on Reply
#42
Kohl Baas
Aqeel ShahzadI have no idea about that. Backdoor entries may be vulnerable to everyone then
Yes it is. But finding backdoors and vulnerabilities is hard and time consuming. On the other hand if you know about it from the get go... And that is the main cause of why all the great powers opposing the USA is making their own (obviously inferrior) CPUs and detaching governing and military institutions from the internet, creating their own intranet. They don't want any of those backdoorsin their systems.
Posted on Reply
#43
ratirt
efikkanWhat precisely proves what specifically?
The fact that something got leaked, or something in the leak?

I'm actually surprised this doesn't happen all the time. With thousands of engineers working on specs and code, it's impossible to keep full control over the data without hampering development.
Yes and with the Code of Business Conduct that every employee must sign to keep confidential information for himself while working with it is nothing so the confidential info should be floating around internet like it was just another day on the beach for you? So yeah, for me, it proves that there is something wrong in Intel's ranks because this shouldn't have happened ever.
Posted on Reply
#44
W1zzard
ratirt, for me, it proves that there is something wrong in Intel's ranks because this shouldn't have happened ever.
If i download everything from my nda account and post it, it’s Intel’s fault?
Posted on Reply
#45
laszlo
W1zzardYup looks similar to what i see with my gpuz developer nda
you can know only if you downloaded them no? :laugh:
Posted on Reply
#46
efikkan
ratirtYes and with the Code of Business Conduct that every employee must sign to keep confidential information for himself while working with it is nothing so the confidential info should be floating around internet like it was just another day on the beach for you? So yeah, for me, it proves that there is something wrong in Intel's ranks because this shouldn't have happened ever.
I'm sorry, but I don't think you realize the scope of this.
Intel have thousands of engineers working on various parts of CPU designs (plus thousands of former engineers), then they have many partnerships with research at universities, and all kinds of business partners and third-party developers, all of these are under some kind of NDA and access to varying degrees of sensitive information. Do you really expect all of these (tens of thousands of people) to stay 100% loyal and not do a single mistake to get compromised themselves?

The reality is valuable information is going to get leaked, sometimes not to the general public or sometimes it flies under the radar. But it's very likely that it's going to get out there some day.
Posted on Reply
#47
c2DDragon
It would be a perfect day to make a poll :
Which new CPU would you buy ?
  1. Tiger Lake
  2. Zen 3
Posted on Reply
#48
Houd.ini
efikkanWhy?
Anything relying on obscurity is not secure in the first place.
And intel has never done that?
Posted on Reply
#49
TheoneandonlyMrK
W1zzardIf i download everything from my nda account and post it, it’s Intel’s fault?
Do you think the alleged back doors are worth worry then or not so much?.
Posted on Reply
#50
Assimilator
R-T-BSomeone wants to make this a lot more than it is, and is succeeding.
Yup - and the idiots are falling for it, as many of the posts in this thread demonstrate.
Posted on Reply
Add your own comment
Apr 18th, 2024 20:11 EDT change timezone

Latest GPU Drivers

New Forum Posts

Popular Reviews

Controversial News Posts