Leaked private and BootGuard keys in MSI cyber attack pose threat to PC security


The security of multiple Micro-Star International products (MSI) is at risk due to a successful breach of their system by the Money Message ransomware group. The threat actors are demanding the sum of $4 million from the Taiwanese PC vendor, and speculations have it that they are yet to reach an agreement, thus the data leaking by the ransomware group. The leak includes Intel Boot Guard and OEM image signing keys for over 200 products.

Binarly, a cybersecurity company specialising in firmware supply chain security, confirmed discovering leaked private keys affecting various vendors, including Intel, Lenovo, Super Micro Computers, and many others. The leaked data could affect numerous devices, which include firmware image signing keys for 57 products and Intel Boot Guard keys.

Alex Matrosov, Binarly CEO, revealed that the leak affected MSI’s entire ecosystem, exposing the key Manifest and Boot Policy Manifest signing keys, which could be used to sign malicious firmware images to surpass Intel Boot Guard’s verification. “It appears that Intel BootGuard may not be effective on certain devices based on the 11th Tiger Lake, 12th Adler Lake, and 13th Raptor Lake”, - Alex tweeted. These are all code names for Intel’s 11th-, 12th- and 13th-generation core processors.

Francisco Falcon, a security researcher, after analysing the impact of the leak, marvels at the damages done because private keys are burned into the ACM hardware and cannot be replaced. He tweeted: “The private keys on which the entire boot process is verified are compromised forever”.

To mitigate the impact, MSI advised affected customers to get their BIOS and firmware updates from their official site and not to use files from other sources.

MSI is yet to confirm the finding of Binarly, and Intel has responded, saying: “Intel is aware of these reports and actively investigating. There have been researchers' claims that private signing keys are included in the data, including MSI OEM Signing Keys for Intel BootBuard. It should be noted that Intel BootGuard OEM keys are generated by the system manufacturer, and these are not Intel signing keys”.

It remains uncertain whether the exposed keys can be revoked or what actions the involved parties will take to move forward. The fact remains that MSI and Intel are yet to admit that their system was compromised by hackers. In such situations, it's crucial to prioritize the security of your own online activities. One effective measure to enhance your online security is to hide your VPN servise.