A recent breach in MSI’s servers exposed Intel’s BootGuard keys and has now put the security of various devices at risk.
Major MSI Breach Affects The Security of Various Intel Devices
Last month, a hacker group by the name of Money Message revealed that they had breached MSI’s servers and stolen 1.5 TBs of data from the company’s servers including source code amongst a list of various files that are important to the integrity of the company. The group asked MSI to pay $4.0 million in ransom to avert them from releasing the files to the public but MSI refused the payment.
This action promoted the group to release the files on public servers this Thursday and based on an investigation done by BINARLY, the files include Intel BootGuard keys from MSI which not only affects MSI itself but also other major vendors including Intel, Lenovo, Supermicron & many others.
⛓️Digging deeper into the aftermath of the @msiUSA data breach and its impact on the industry.
🔥Leaked Intel BootGuard keys from MSI are affecting many different device vendors, including @Intel , @Lenovo, @Supermicro_SMCI, and many others industry-wide.
🔬#FwHunt is on! https://t.co/NuPIUJQUgr pic.twitter.com/ZB8XKj33Hv
— BINARLY🔬 (@binarly_io) May 5, 2023
The leaked files contain signing keys for a total of over 200 MSI products which can be used to access the firmware of these devices. These include a total of 57 devices whose Firmware Image Signing Keys have leaked out and 116 devices whose Intel BootGuard Keys have leaked.
Why these keys are so important is because they are used to flag certain software that isn’t verified as untrusted and “potentially malicious”, says PCMAG. These keys can be used to tag malicious software with malware as trusted and handed over to the system which ends up compromising its security.
“The signing keys for fw [firmware] image allow an attacker to craft malicious firmware updates and it can be delivered through normal BIOS update processes with MSI update tools,” Binarly CEO Alex Matrosov tells PCMag.
MSI replied to its customers to avoid downloading UEFI/BIOS Firmware from any place except its own official websites where the proper version will be available without any fear of being compromised. Furthermore, since these files have been made public over the last couple of days, it is very likely a number of UEFI/BIOS firmware are already floating around various sections of the web with malicious code.
It seems this leak affects not only Intel Boot Guard technology, but all OEM signing-based mechanisms in CSME, such as OEM unlock (Orange Unlock), ISH firmware, SMIP and others… https://t.co/Eptmbo6cci
— Mark Ermolov (@_markel___) May 5, 2023
According to Alex Matrosov, the CEO of BINARLY, the leak is confirmed to include Intel’s private keys for OEM devices. Furthermore, the BootGuard may not be as effective on devices based on 11th-Gen Tiger Lake, 12th-Gen Alder Lake, and 13th-Gen Raptor Lake platforms. The leak also affects all OEM signing-based mechanisms within CSME (Converged Security and Management Engine) as stated by Alex. Intel and its partners who are affected by this leak have to to comment on how they plan on tackling this major security flaw that’s occured through this breach.
Source: VideoCardz
