AMI BIOS source code and UEFI signing key found on public FTP

Shawn Knight


The source code and the private UEFI signing test key for firmware developed by American Megatrends Inc. (AMI) have been discovered on an FTP server in Taiwan. What makes the news especially damning is that the sensitive data was allegedly sitting on a public server owned and operated by a third-party vendor (possibly Jetway). If that key was used for production builds, virtually every board running AMI's Aptio UEFI BIOS could be exposed, which includes most socket LGA1155 and FM2 motherboards as well as some AM3+ boards.

Researcher Brandon Wilson found the code among a slew of internal e-mails, system images, photos and even private specification sheets. The private signing test key was part of the same leak, which, according to security expert Adam Caudill, makes it easy for someone to create malicious UEFI updates that would validate and install on Ivy Bridge firmware built with that key.


Caudill has since spoken with AMI about the issue and learned that the signing key is AMI's default test key. AMI instructs customers to replace this key before building for production, although it is not known whether the vendor in question followed that advice. Since a default key is the same for every customer who never replaced it, any vendor that shipped production firmware still signed with it would be affected, not only the one that leaked it. AMI also confirmed that the leaked Ivy Bridge code was unmodified.
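The part that decides whether a given board is exposed is the single public key baked into its firmware update path: if that key is still the default test key, the leaked private half signs updates the board will accept; if the vendor swapped in its own key, the same signature is worthless. The Go program below is an added example, not AMI's or Caudill's code, and it does not use AMI's real key material or capsule format. It uses Ed25519 keys derived from fixed seeds as stand-ins for the default test key and a vendor production key, a constructed byte string as the "malicious capsule", and shows both outcomes side by side, plus the fingerprint check a practitioner would run over update keys pulled from firmware dumps to find boards still carrying a leaked key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// keyFromSeed derives a deterministic Ed25519 key from a label so the run is
// reproducible. The two keys below are stand-ins, not AMI's real keys.
func keyFromSeed(label string) ed25519.PrivateKey {
	seed := sha256.Sum256([]byte(label))
	return ed25519.NewKeyFromSeed(seed[:])
}

var (
	// Models the AMI-supplied default test key that the leak exposed.
	DefaultTestKey = keyFromSeed("stand-in for the leaked default test key")
	// Models the key AMI tells customers to swap in before a production build.
	VendorKey = keyFromSeed("stand-in for a vendor's production key")
)

// Board models the update path of shipped firmware: it accepts any update whose
// signature verifies under the one public key compiled in at build time.
type Board struct {
	Name      string
	UpdateKey ed25519.PublicKey
}

// AcceptUpdate is the signature check a firmware updater performs.
func (b Board) AcceptUpdate(image, sig []byte) bool {
	return ed25519.Verify(b.UpdateKey, image, sig)
}

// Fingerprint is SHA-256 over the raw public key, used to match keys found in
// firmware dumps against a list of keys known to be public.
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// KnownLeakedKeys is the audit list; here it holds only the stand-in test key.
var KnownLeakedKeys = map[string]bool{
	Fingerprint(DefaultTestKey.Public().(ed25519.PublicKey)): true,
}

// StillUsesLeakedKey asks, for one board, the question the article leaves open:
// will this firmware accept updates signed by a key that is now public?
func StillUsesLeakedKey(b Board) bool {
	return KnownLeakedKeys[Fingerprint(b.UpdateKey)]
}

// AttackerUpdate is what anyone holding the leaked private key can produce:
// an arbitrary image with a mathematically valid signature.
func AttackerUpdate(image []byte) (img, sig []byte) {
	return image, ed25519.Sign(DefaultTestKey, image)
}

func main() {
	boards := []Board{
		{"board built without changing the key", DefaultTestKey.Public().(ed25519.PublicKey)},
		{"board re-keyed before production", VendorKey.Public().(ed25519.PublicKey)},
	}
	// Constructed payload standing in for a malicious UEFI capsule.
	img, sig := AttackerUpdate([]byte("constructed malicious UEFI capsule"))
	for _, b := range boards {
		fmt.Printf("%-40s accepts attacker update: %-5v still uses leaked key: %v\n",
			b.Name, b.AcceptUpdate(img, sig), StillUsesLeakedKey(b))
	}
}
```

The signature on the attacker's image is genuinely valid; nothing in the cryptography fails. What fails is the trust decision, because a board that kept the default key trusts a private key that is now in public hands. That is why the only real remediation for an affected board is a firmware release built with a new key, and why a fleet audit compares the embedded update key's fingerprint against a list of known-leaked keys rather than trying to spot a bad signature.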


Whether there is a real exposure comes down to whether the vendor changed the key before shipping, but either way it will be interesting to see what becomes of the source code once other researchers get their hands on it. As Caudill noted on his blog, a leak like this is a dream come true for advanced corporate espionage or intelligence operations.


 
What kind of oil ???
Really, I think it's better to change conventional oil every 3000 km instead of miles!
 
Track the good people down, and give them some time to think this over, say, 10 years behind bars, for compromising the security of millions of sold computers.
 
Since we're talking about changing oil... I change mine when my Accord tells me to, which is around 9,000 miles :) I think the Honda engineers know when their own engines need oil changes. You know, old cars always said in the manual to change oil every 7,500 miles... till the oil companies got it in everyone's head that you have to change it every 3,000 miles. Think about that!
 
Hence my point, no one follows what's recommended.

On a side note, you can get the oil analysed by a lab. But the better the oil you put in your car, the longer it can stay in your car. MobileOne, for example, is good in most cars for up to 10,000 miles, give or take. It all depends on how you drive; it wears differently.
 