TECH NEWS – Intel BootGuard and OEM image signing keys are among the 1.5 TB of data recovered from MSI servers.
In April, a hacker group called Money Message revealed that they had hacked into MSI servers and stolen one and a half terabytes of data, including source code. They also got hold of data considered essential for the company’s integrity and demanded $4 million from MSI, or they would release the files. MSI refused to pay, so the group on Thursday put everything on public servers…
According to Binarly, the Intel BootGuard keys stolen from MSI affect not only that manufacturer’s products but also those of Lenovo, Supermicro, and a few other companies, as well as Intel itself. The leaked files include signing keys that affect more than 200 MSI products. Fifty-seven devices on the list have had their firmware image signing keys leaked, and 116 devices have had their Intel BootGuard keys leaked. These keys matter because, according to PCMag, they are used to flag unauthenticated, untrusted programs: software signed with a leaked key does not appear harmful, and that misplaced trust flag is what makes the system vulnerable.
“The signing keys for fw [firmware] image allow an attacker to craft malicious firmware updates, and it can be delivered through normal BIOS update processes with MSI update tools,” said Alex Matrosov, CEO of Binarly. In response, MSI told users to download UEFI/BIOS firmware updates only from its website. According to Matrosov, BootGuard is not as effective on Intel’s 11th- to 13th-generation platforms (Tiger Lake, Alder Lake, Raptor Lake). The leak also affects the OEM’s signature-based mechanisms within the CSME (Converged Security and Management Engine). Intel and its partners must state how they will address this serious security vulnerability.
It is more than embarrassing for MSI. They could have prevented the situation if they had more security in place.