What Intel’s 20 GB Source Code Leak Reveals About Firmware Security
On August 6, a Swiss engineer uploaded roughly 20 GB of Intel’s internal firmware source code and confidential documents to a public file‑sharing site, prompting Intel to investigate the leak, deny the existence of a backdoor, and attribute the leak to a privileged user of its Resource and Design Center.
Event Review
On August 6, Swiss software engineer Till Kottmann uploaded about 20 GB of Intel’s internal data and documents to the file‑sharing site MEGA. The files, marked as confidential or restricted, were allegedly obtained from an anonymous hacker who claimed to have stolen Intel data earlier in the year. Intel is investigating the leak but denies that it constitutes a data breach.
Kottmann noted that browsing the firmware source code revealed comments related to a backdoor, though the term may not refer to an exploitable access point.
The leaked materials, many of which had never been seen before, include:
Intel ME Bringup guide, flash tools, and platform examples
Kabylake (Purley Platform) BIOS reference and initialization code
Intel CEFDK (Consumer Electronics Firmware Development Kit) source code
Silicon/FSP source packages for various platforms
Various Intel development and debugging tools
Rocket Lake S and other platform Simics simulations
Roadmaps and other documentation
Camera driver binary developed for SpaceX
Unreleased Tiger Lake platform documents, tools, and firmware
Kabylake FDK training video
Intel Trace Hub + decoder files for multiple Intel ME versions
Elkhart Lake silicon reference and platform sample code
Debug BIOS/TXE versions for various platforms
Bootguard SDK (encrypted zip file)
Intel Snowridge / Snowfish Process Simulator ADK
Intel Marketing Material Templates (InDesign)
Most of the leaked files are protected intellectual property related to different chip designs, including technical specifications, product guides, and CPU manuals dating back to 2016.
Intel Response
An Intel spokesperson stated that no backdoor exists, as Intel’s product development policies prohibit undocumented design access, exposure of sensitive device information, or bypassing security features.
Preliminary investigation suggests the data may have originated from Intel’s Resource and Design Center (IRDC), which stores information accessible to registered customers, partners, and internal staff. Employees with higher privileges can access client and OEM data as well as Intel’s IP such as tools, test scopes, and pre‑release product information. Intel believes a user with download rights likely shared the data.
Further details are still under investigation.
Event Analysis
Kottmann maintains a repository of code gathered from misconfigured dev‑ops tools and other sources, containing data and proprietary code from companies like Microsoft, Qualcomm, AMD, and Lenovo. He claims to have removed as much confidential information as possible.
An anonymous hacker told Kottmann they discovered an improperly protected Intel server on a CDN. Using a custom Python script, the hacker tested default credentials and accessed files and directories.
This story continues to develop.
21CTO
