Following a recent cyber attack on MSI's systems, hackers managed to obtain private keys and Intel BootGuard Keys, according to a warning from respected security firm Binarly.
These keys are essential for maintaining the security of a company's devices and firmware, and the leak could result in severe security compromises. Binarly's CEO, Alex Matrosov, disclosed on Twitter that 57 MSI products utilize the leaked private keys to sign MSI firmware, while 116 MSI products also employ the leaked Intel BootGuard Keys to validate a computer's boot sequence. The leaked keys also endanger other PC manufacturers, as they share the same keys in their devices, rendering their products susceptible to cyber attacks as well. MSI acknowledged the cyber attack in April but did not divulge details about the nature of the attack or the perpetrators. Nevertheless, ransomware group Money Message claimed responsibility, alleging that they had stolen 1.5TB of data and demanded a $4 million ransom from MSI.
To protect against possible security breaches, MSI customers are advised to install firmware and BIOS updates exclusively from MSI's official website.
Intel now also has responded:
“Intel is aware of these reports and actively investigating. There have been researcher claims that private signing keys are included in the data including MSI OEM Signing Keys for Intel® BootGuard. It should be noted that Intel BootGuard OEM keys are generated by the system manufacturer, and these are not Intel signing keys.”
Intel Boot Guard Security Under Scrutiny as Leaked Keys Threaten MSI PC System Safety
Intel's Boot Guard technology, a vital component of the Intel Hardware Shield, offers a critical security layer for PCs by permitting only verified applications to run pre-boot. In a white paper discussing below-the-OS security, Intel highlights its BIOS Guard, Boot Guard, and Firmware Guard technologies. Among these, Boot Guard serves as a key element in hardware-based boot integrity, meeting Microsoft Windows requirements for UEFI Secure Boot. However, recent developments have called its efficacy as a security measure for various MSI systems into question.
The exposure of Boot Guard keys and additional data for 57 MSI PC systems by supply chain security platform Binarly and its founder Alex Matrosov has left these machines' owners susceptible to security risks. Alongside the firmware keys for 57 MSI PC systems, the Intel Boot Guard BPM/KM keys for 166 systems have been compromised, potentially allowing hackers unauthorized access. Hackers could also create counterfeit MSI websites or apps to trick users into downloading malicious software. These fake apps can now be signed and appear as if they are from MSI, making it challenging for users to identify them.
To avert possible security breaches, owners of affected devices with Intel Core 11th Gen Tiger Lake CPUs or newer must strictly adhere to updates exclusively from the MSI site. However, it remains uncertain whether the exposed keys can be revoked or what actions the involved parties will take moving forward. Neither MSI nor Intel has released an official statement addressing the leak thus far. It is vital to refrain from inspecting stolen files on the dark web or other sources, as they may contain malware.