A publicly accessible FTP server in Taiwan leaked the source code of AMI Aptio UEFI BIOS, including AMI's unique UEFI signing test key.
The leaked software includes the source code of AMI BIOS, Aptio, and AMI's UEFI test signing key, which is used by all its clients to sign their BIOS updates.
Official AMI comment can be found
• Recent disclosures via the personal blog site of an industry blogger and researcher detailed the discovery of a leaky FTP server from an unnamed Taiwan-based vendor containing AMI UEFI BIOS source code and suspected security key data among various internal data.
• AMI would like to clarify that this leak is not the fault of AMI and is not a result of a security lapse on AMI's behalf.
• In response, AMI states that this is not a general security threat which could create a nearly undetectable, permanent hole in a system's security if the manner in which production-level BIOS is signed and created uses a production key.
All of the boot protection measures of the new Windows 8 secure boot become null and void, I would think, with something like this if the BIOS could be flashed without too much user intervention. However, I would imagine there would have to be some defined prompts for users if their system BIOS was requested to be updated with tools like Win Flash as part of the exploit kit.