MSI in trouble after data breach
Ransomware attack on MSI servers could have a significant impact on the security of Intel-based platforms.
Last month MSI confirmed that a ransomware group is demanding $4 million for data stolen from the company’s servers. MSI acknowledged the breach and confirmed that confidential data, including company source code, was indeed illegally accessed.
The tools for motherboard firmware development are already circulating on the web, suggesting that MSI did not pay the ransom. The company has advised everyone interested in this leak not to obtain the files because they might contain malicious code added by the attackers. That is, of course, on top of it simply being illegal to obtain such data.
The cyberattack might have an impact on the security of various Intel-based systems. It is reported that the data might have contained BootGuard keys and that products from Intel, MSI, Lenovo, SuperMicro and others are affected. For MSI this means that over 200 products are affected:
- FW Image Signing Keys: 57 products
- Intel BootGuard BPM/KM Keys: 166 products
According to Binarly, MSI Stealth, Creator, Crosshair, Prestige, Pulse, Modern, Raider, Sword, Summit, Vector, and Katana laptop series are affected. The complete list has been provided for each model here.
It seems this leak affects not only Intel Boot Guard technology, but all OEM signing-based mechanisms in CSME, such as OEM unlock (Orange Unlock), ISH firmware, SMIP and others… https://t.co/Eptmbo6cci
— Mark Ermolov (@_markel___) May 5, 2023
According to Mark Ermolov, a security researcher focusing on Intel platforms, the leak might also impact Intel CSME (Converged Security and Management Engine), OEM unlock, ISH (Integrated Sensor Hub) firmware, SMIP (Signed Master Image Profile) and other tools.
The scope of this data breach is still uncertain, as the code is still being investigated by security experts. Intel will almost certainly have to reassign new keys to all affected partners; however, what this means for end users is still unknown. Intel did not publish a statement on the leak, while MSI only acknowledged the data breach.
Update: Intel has provided the following statement:
“Intel is aware of these reports and actively investigating. There have been researcher claims that private signing keys are included in the data including MSI OEM Signing Keys for Intel® BootGuard. It should be noted that Intel BootGuard OEM keys are generated by the system manufacturer, and these are not Intel signing keys.”