Ransomware Attack On MSI: Intel Devices affected!

TECH NEWS – Intel BootGuard and OEM image signing keys are among the 1.5 TB of data recovered from MSI servers.

 

In April, a hacker group called Money Message revealed that they had hacked into MSI servers and stolen one and a half terabytes of data, including source code. They also got hold of data considered essential for the company’s integrity and demanded $4 million from MSI, or they would release the files. MSI refused to pay, so the group on Thursday put everything on public servers

According to Binarly, all Intel BootGuard keys stolen from MSI are not only for that manufacturer’s products but also for Lenovo, Supermicron, and a few other companies besides Intel itself. The leaked files include signing keys that affect more than 200 MSI products. Fifty-seven devices on the list have had their firmware image signing codes leaked, and 116 devices have had their Intel BootGuard keys leaked. These are important because they are used to flag unauthenticated, untrusted programs, PCMag claims, so they don’t appear to be harmful, but the trust flag makes the system vulnerable.

“The signing keys for fw [firmware] image allow an attacker to craft malicious firmware updates, and it can be delivered through normal BIOS update processes with MSI update tools,” said Alex Matrosov, CEO of Binarly. In response, MSI said only to download UEFI/BIOS firmware updates from their website. According to Matrosov, BootGuard is not as effective on Intel’s 11th-13th generation (Tiger Lake, Alder Lake, Raptor Lake) platforms. The leak also affects the OEM’s signature-based mechanisms within the CSME (Converged Security and Management Engine). Intel and its partners must state how they will address this serious security vulnerability.

It is more than embarrassing for MSI. They could have prevented the situation if they had more security in place.

Source: WCCFTech

Spread the love
Avatar photo
Anikó, our news editor and communication manager, is more interested in the business side of the gaming industry. She worked at banks, and she has a vast knowledge of business life. Still, she likes puzzle and story-oriented games, like Sherlock Holmes: Crimes & Punishments, which is her favourite title. She also played The Sims 3, but after accidentally killing a whole sim family, swore not to play it again. (For our office address, email and phone number check out our IMPRESSUM)

No comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.