• Mon. Jun 17th, 2024

Private Code Signing Keys From the MSI Data Breach Were Posted on the Dark Web

Avatar photo

ByHarper Stewart

Jul 6, 2023
MSI Data Breach: Code Signing Keys compromised
Harper Stewart
Latest posts by Harper Stewart (see all)

The founder and CEO of the firmware security company Binarly, Alex Matrosov, tweeted over the weekend, “Confirmed, Intel OEM private key leaked, having an impact on the entire ecosystem.” It seems that some devices based on the 11th Tiger Lake, 12th Adler Lake, and 13th Raptor Lake may not be protected by Intel Boot Guard.

Details About the Attack

Firmware image signing keys for 57 PCs and private signing keys for Intel Boot Guard used on 116 MSI devices may both be found in the released material. The MSI Boot Guard keys are thought to have an effect on a number of device manufacturers, including Intel, Lenovo, and Supermicro.

A hardware-based security mechanism called Intel Boot Guard is intended to prevent computers from running modified UEFI software. The news came just one month after MSI was the target of a double extortion ransomware attack launched by the newly discovered Money Message ransomware organization.

At the time, according to MSI’s regulatory filing, “the affected systems have gradually resumed normal operations, with no significant impact on financial business.” It nonetheless recommended consumers to stay away from downloading files from other sources and to only get firmware and BIOS upgrades from its official website.

The compromise of a crucial firmware integrity test caused by the disclosure of the Intel Boot Guard keys raises serious concerns since it might enable threat actors to sign malicious updates and other payloads and distribute them on selected devices undetected.

MSI Warnings

It also comes after a previous warning from MSI warning users to watch out for scam emails that target the online gaming community and falsely claim to be from the business under the guise of a prospective partnership.

The UEFI firmware code has previously made its way into the public domain. Intel acknowledged the third-party leak of the secret signing key used for Boot Guard along with the Alder Lake BIOS source code in October 2022.

Avatar photo

Harper Stewart

With a deep understanding of the complexities of the Dark Web, Harper curates informative and thought-provoking content for our readers. Her knowledge of the hidden corners of the internet and cybersecurity helps shed light on the often mysterious and illicit activities that take place in this realm.