After cybercriminals broke into MSI systems about a month ago, researchers from the IT security company Binarly found tens of private keys for signing MSI firmware and four Intel Bootguard keys in the wild affecting hundreds of MSI products. Attackers could publish manipulated firmware for the affected systems and thus completely compromise systems.
Binarly CEO Alex Matrosov has the finds reported on Twitter. He writes: “Confirmed, Intel OEM private keys have been leaked, affecting the entire ecosystem. It appears that Intel Bootguard is ineffective on certain devices running on 11th (Generation) Tiger Lake, 12th (Generation) Alder Lake and 13th (generation) Raptor Lake based”. However, investigations were still ongoing. In a previous Tweet hints at binarythat other device manufacturers could also be affected and names Intel, Lenovo, Supermicro “and many others industry-wide”.
MSI: Leaked private keys
With the leaked firmware-signing private keys, cybercriminals could create their own firmware with malicious additions and sign it so that it would be accepted as genuine MSI firmware. The Intel Bootguard keys are used to ensure that only verified code is loaded when a system boots. This is intended to ensure hardware-based integrity as part of UEFI Secure Boot.
Binarly has a Github project opens and collects the found keys as well as affected systems. At the time of the report, the IT security researchers found 27 private firmware signing keys affecting 57 MSI products. There are also four private Intel Bootguard keys that are used in 116 MSI products.
Since cybercriminals can use the leaked keys to create firmware that is classified as trustworthy by the security mechanisms, MSI rightly warned after the cyber intrusion in early April that firmware and BIOS updates should only be downloaded from the official website. At that time, the burglars are said to have threatened to publish the stolen data such as BIOS files, ERP database, private keys and source code if MSI did not pay a ransom. Apparently they carried out that threat.
(dmk)
