Last month, Taiwanese computer manufacturer MSI was targeted in a ransomware attack, leading to the exposure of sensitive data, particularly their private code signing keys. The perpetrators of this attack have since disclosed these keys on their dark web platform, raising significant security concerns for both MSI and its partners.
In a statement on social media, Alex Matrosov, the CEO of the firmware security company Binarly, confirmed the breach, alerting that “the Intel OEM private key leaked, causing an impact on the entire ecosystem.” He indicated that the incident could undermine the efficacy of Intel Boot Guard on devices featuring Intel’s 11th Tiger Lake, 12th Alder Lake, and 13th Raptor Lake chipsets.
The leaked information includes firmware image signing keys for 57 distinct products and private keys for Intel’s Boot Guard that are applicable to 116 MSI products. The ramifications of this leak extend beyond MSI, potentially affecting other device manufacturers like Lenovo and Supermicro due to the shared reliance on these keys.
Intel Boot Guard is a crucial security feature designed to prevent the execution of tampered UEFI firmware. The revelation of this breach, a month after MSI fell prey to a ransomware attack orchestrated by a new group dubbed Money Message, amplifies the urgency for enhanced cybersecurity measures across the industry.
MSI has reported that affected systems are gradually returning to normal operations, indicating no severe impact on their financial activities. However, the company has strongly advised users to download firmware and BIOS updates exclusively from their official website and to avoid third-party sources. The potential consequences of the leaked Intel Boot Guard keys are alarming; adversaries could exploit these vulnerabilities to sign malicious updates and execute harmful payloads without triggering security alarms.
In a recent advisory, MSI urged its users to remain vigilant against fraudulent emails targeted at the gaming community, purportedly originating from the company. This incident underscores a broader issue concerning UEFI firmware and its security; a similar leak involving Intel’s Alder Lake BIOS source code occurred in October 2022, raising questions about long-term vulnerabilities in supply chains.
Supermicro Products Confirmed Safe
In the wake of the leak, Supermicro has asserted that its products are not affected by the compromised Intel Boot Guard keys. A representative confirmed that their ongoing investigation found no vulnerabilities stemming from the breach. Intel has acknowledged the reports and is currently conducting its examination regarding the exposure of these private signing keys.
Per Intel’s clarification, the Boot Guard OEM keys are generated by system manufacturers rather than Intel itself, emphasizing that these vulnerabilities originate from third-party actions rather than a direct security lapse from Intel. This incident serves as a critical reminder of the pressing need for rigorous security protocols and vigilance across the tech landscape.
