Intel Is Investigating How Confidential Data Ended Up Online

There is also a folder dedicated to the Intel Management Engine, but its contents, too, aren’t anything Intel integrators don’t already know. They’re test code and recommendations for when and how often to run those automated tests while designing systems that include an Intel CPU with the Intel ME.

One of the dump’s newer bits included “Whitley/Cedar Island Platform Message of the Week,” dated May 5. Cedar Island is the motherboard architecture that lies beneath both Cooper Lake and Ice Lake Xeon CPUs. Some of those chips were released earlier this year, while some have yet to become generally available. Whitley is the dual-socket architecture for both Cooper Lake (14 nm) and Ice Lake (10 nm) Xeons. Cedar Island is for Cooper Lake only

Some contents provide a cryptic reference to voltage failures in some Ice Lake samples. It’s not clear if the failures apply to actual hardware delivered to customers or if they’re happening on reference boards Intel provided to OEMs for use in designing their own boards.

While Intel said it doesn’t believe the documents were obtained through a network breach, a screenshot of the conversation Kottmann had with the source provided an alternate explanation. The source said that the documents were hosted on an unsecured server hosted on Akamai’s content delivery network. The source claimed to have identified the server using the nmap port-scanning tool and from there, used a python script to guess default passwords.

Here’s the conversation:

source: They have a server hosted online by Akami CDN that wasn’t properly secure. After an internet wide nmap scan I found my target port open and went through a list of 370 possible servers based on details that nmap provided with an NSE script.

source: I used a python script I made to probe different aspects of the server including username defaults and unsecure file/folder access.

source: The folders were just lying open if you could guess the name of one. Then when you were in the folder you could go back to root and just click into the other folders that you didn’t know the name of.

deletescape: holy shit that’s incredibly funny

source: Best of all, due to another misconfiguration, I could masqurade as any of their employees or make my own user.

deletescape: LOL

source: Another funny thing is that on the zip files you may find password protected. Most of them use the password Intel123 or a lowercase intel123

source: Security at it’s finest.

Kottmann said they didn’t know the source well, but, based on the apparent authenticity of the material, there’s no reason to doubt the source’s account of how it was obtained.

The Intel spokeswoman didn’t immediately provide a response to the claim.

Many onlookers have expressed alarm that the source code has comments containing the word backdoor. Kottmann told Ars that the word appeared two times in the source code associated with Intel’s Purely Refresh chipset for Xeon CPUs. So far, there are no known analyses of the source code that have found any covert methods for bypassing authentication, encryption, or other security protections. Besides, the term backdoor in coding can sometimes refer to debugging functions or have other benign meanings.

People are also lampooning the use of the passwords Intel123 and intel123. These are no doubt weak passwords, but it’s unlikely their purpose was to secure the contents of the archive files from unauthorized people.

This story originally appeared on Ars Technica.


More Great WIRED Stories

social experiment by Livio Acerbo #greengroundit #wired https://www.wired.com/story/intel-is-investigating-how-confidential-data-ended-up-online