Via an open ftp server from a Taiwanese motherboard and videokaartfabrikant are the source of American Megatrends firmware and an authentication key for uefi firmware for Intel’s Ivy Bridge on the street.
The open ftp server was discovered by Brandon Wilson, writes Adam Caudill’s blog. On the system were bedrijfmails, system-images, and Excel documents with sensitive information, and specifications of products. In a folder with the name of Code were the most interesting files, according to Caudill.
So he found source code for different versions of the uefi firmware from American Megatrends Incorporated or AMI, including those for Intel’s Atom Cedar Trail, Sandy Bridge and Ivy Bridge. Uefi is the successor of bios. The firmware for Ivy Bridge, there was also the authentication key on the server, which is used for the validation as users of their uefi update. With the source code and the key, attackers are basically versions of the firmware with backdoors or other malware, which then without problems can be installed on users ‘ systems.
In the past, similar authentication methods, but abused to systems into thinking that the malicious code to legitimate software. As used Stuxnet certificates of the Taiwanese company Realtek. The authentication key from the uefi firmware would be difficult to withdraw, and the drain of the source code, you can have long consequences, because competitors of American Megatrends and possible attackers now have full access to the documents in the code.
The firmware versions are recently, may of in February of last year. “I hope that American Megatrends is a thorough security audit of its code is run to ensure that the leak users are not vulnerable,” writes Caudill. The beveiligingsexpert made itself a classic mistake by details of the flaw to publish that to the conscious Taiwanese company to resolve.
