- Data gleaned from an attack on MSI has been released into the wild after it refused to pay a $4 million ransom.
- The data includes source code for MSI’s firmware and its Intel Boot Guard OEM keys.
- Firmware updates and other MSI software should be downloaded directly from MSI’s official website to mitigate any potential risk.
Back in April, Micro-Star International, better known as MSI was breached.
The notebook, peripheral and component maker said at the time that it had “suffered a cyberattack on part of its information systems”.
The attackers demanded a $4 million ransom from MSI or they would release the information they stole. Among that information were MSI’s firmware source code and its Intel Boot Guard OEM keys.
These keys have now reportedly been released on hacking forums after MSI refused to kowtow to the demands for a ransom. While that is admirable, and best cybersecurity practice, the downside is that MSI’s proprietary information is now in the wild.
The information that has been released allows MSI software to pass authenticity checks when being installed. This means the firmware you’re installing doesn’t get blocked because it looks like a virus to your endpoint security solution. It also has the advantage of blocking software that has been altered.
Now that attackers have these keys, they can, and likely will use them to sneak malware onto PCs.
According to a report from PC World citing security firm Binarly, the files from the hack that were released affect as many as 57 MSI products.
In addition, the attackers also made off with private keys for Intel’s Boot Guard. Speaking with Tom’s Hardware, Intel clarified that these weren’t its keys but keys generated by the manufacturer, in this case – MSI. Intel is actively investigating the matter according to word received by The Register from an Intel spokesperson.
“There have been researcher claims that private signing keys are included in the data including MSI OEM Signing Keys for Intel BootGuard. It should be noted that Intel BootGuard OEM keys are generated by the system manufacturer, and these are not Intel signing keys,” the Intel spokesperson was quoted as saying.
In light of this, owners of MSI products may want to opt to download firmware updates and any other software directly from MSI. In fact, this is good advice no matter which OEM’s hardware you’re using. Getting your software and firmware directly from the manufacturer means that the software is going to work as intended for that hardware.
Tempting fate by downloading updates or software from anywhere else could spell trouble. With that having been said, Afterburner (MSI’s overclocking utility) is also available through Guru3D as well but avoid downloading the software from anywhere else, especially if it claims to have new exclusive features.
Those features could very well be malware.
There are reports which claim this leak, especially of the Boot Guard keys may affect other manufacturers but these are currently unconfirmed. Should it come to light that other manufacturers are indeed impacted by this information leak we will update this story.
Supply chain security platform creator Binarly is currently investigating the breach and you can follow that over on Twitter. The firm also compiling all of its discoveries on its GitHub page here.
