Intel BootGuard keys leaked through MSI data breach

Published: May 6th 2023, 08:34 GMT   Comments

MSI in trouble after data breach

Ransomware attack on MSI servers could have a significant impact on the security of Intel-based platforms. 

Last month MSI confirmed that a ransomware group is demanding $4 million for the stolen data from company’s servers. MSI acknowledged that the breach and that confidential data was indeed illegally accessed, including company source codes.

The tools for motherboard firmware development are already circulating on the web, suggesting that MSI did not pay the ransom. The company has advised all people interested in this leak that they should not obtain the files because they might contain malicious code added by the attackers. That’s of course on top of being simply illegal to obtain such data.

The cyberattack might have an impact on the security of various Intel-based systems. It is reported that the data might have contained BootGuard keys and that products from Intel, MSI, Lenovo, SuperMicro and others. For MSI this means that over 200 products are affected:

According to Binarly, MSI Stealth, Creator, Crosshair, Prestige, Pulse, Modern, Raider, Sword, Summit, Vector, and Katana laptop series are affected. The complete list has been provided for each model here.

  • FW Image Signing Keys: 57 products
  • Intel BootGuard BPM/KM Keys: 166 products

According to Mark Ermolov, a security researcher focusing on Intel platforms, the leak might also impact Intel CSME (Converged Security and Management Engine), OEM unlock, ISH (Integrated Sensor Hub) firmware, SMIP (Signed Master Image Profile) and other tools.

The scope of this data breach is still uncertain as the code is still being investigated by security experts. Intel almost certainly have to reassign new keys to all affected partners, however what does this mean for end-user is still unknown. Intel did not publish a statement on the leak, while MSI only acknowledged the data breach.

Update: Intel has provided the following statement:

“Intel is aware of these reports and actively investigating. There have been researcher claims that private signing keys are included in the data including MSI OEM Signing Keys for Intel® BootGuard. It should be noted that Intel BootGuard OEM keys are generated by the system manufacturer, and these are not Intel signing keys.”

Source: CyberNews, Mark Ermolov

Comment Policy
  1. Comments must be written in English and should not exceed 1000 characters.
  2. Comments deemed to be spam or solely promotional in nature will be deleted. Including a link to relevant content is permitted, but comments should be relevant to the post topic. Discussions about politics are not allowed on this website.
  3. Comments and usernames containing language or concepts that could be deemed offensive will be deleted.
  4. Comments complaining about the post subject or its source will be removed.
  5. A failure to comply with these rules will result in a warning and, in extreme cases, a ban. In addition, please note that comments that attack or harass an individual directly will result in a ban without warning.
  6. VideoCardz has never been sponsored by AMD, Intel, or NVIDIA. Users claiming otherwise will be banned.
  7. VideoCardz Moderating Team reserves the right to edit or delete any comments submitted to the site without notice.
  8. If you have any questions about the commenting policy, please let us know through the Contact Page.
Hide Comment Policy