While Intel is still investigating the incident, the security industry is bracing itself for years of potential firmware insecurity if the keys indeed were exposed.
The potential leak from MSI Gaming of signing keys for an important security feature in Intel-based firmware could cast a shadow on firmware security for years to come and leave devices that use the keys highly vulnerable to cyberattacks, security experts say.
Binarly is the world's most advanced automated firmware supply chain security platform. Using cutting-edge machine-learning techniques, Binary identifies both known and unknown vulnerabilities, misconfigurations, and malicious code in firmware and hardware components.
A recent breach in MSI's servers exposed Intel's BootGuard keys and has now put the security of various devices at risk.
Major MSI Breach Affects The Security of Various Intel Devices
Last month, a hacker group by the name of Money Message revealed that they had breached MSI's servers and stolen 1.5 TBs of data from the company's servers including source code amongst a list of various files that are important to the integrity of the company. The group asked MSI to pay $4.0 million in ransom to avert them from releasing the files to the public but MSI refused the payment.
UPDATE: A new statement(Opens in a new window) from MSI says users should avoid downloading firmware and BIOS updates from third-party sources, and instead only obtain such software from the company's official website.
The statement suggests MSI is worried hackers could circulate malicious versions of the company's BIOS software when the ransomware gang, Money Message, claims it stole the PC maker's source code.
This blog post describes the details and methodology of our research targeting the Windows Installer (MSI) installation technology.
On 2022-12-11, I decided to setup Secure Boot on my new desktop with a help of sbctl. Unfortunately I have found that my firmware was… accepting every OS image I gave it, no matter if it was trusted or not. It wasn't the first time that I have been self-signing Secure Boot, I wasn't doing it wrong.
As I have later discovered on 2022-12-16, it wasn't just broken firmware, MSI had changed their Secure Boot defaults to allow booting on security violations(!!).