MSI Leak of Intel BootGuard & OEM Image Signing Keys

[nonme]

I apologize if this has already been posted, but I have not been able to find it so far.

 

Summary

MSI has leaked their BootGuard and OEM Image Signing keys. With possession of the signing key, an attacker could potentially distribute malicious updates that seem legitimate. Though none have been reported yet, the possession of MSI's signing key could result in attacks on the supply chain.

 

The hackers also acquired a private encryption key used in an MSI version of Intel Boot Guard, which is designed to prevent the loading of malicious firmware. Possession of both keys could allow an attacker to self-sign malicious firmware and gain far-reaching access to systems, bypassing security measures.

 

Quotes
From Wccftech:

Quote

 

The leaked files contain signing keys for a total of over 200 MSI products which can be used to access the firmware of these devices. These include a total of 57 devices whose Firmware Image Signing Keys have leaked out and 116 devices whose Intel BootGuard Keys have leaked.

These keys can be used to tag malicious software with malware as trusted and handed over to the system which ends up compromising its security.

 

From Ars Technica:
 

Quote

The intrusion came to light in April when, as first reported by Bleeping Computer, the extortion portal of the Money Message ransomware group listed MSI as a new victim and published screenshots purporting to show folders containing private encryption keys, source code, and other data. A day later, MSI issued a terse advisory saying that it had “suffered a cyberattack on part of its information systems.” The advisory urged customers to get updates from the MSI website only. It made no mention of leaked keys.

 

 

Sources

Wccftech https://wccftech.com/msi-breach-leaks-intel-bootguard-oem-image-signing-keys-compromises-security-of-over-200-devices-major-vendors/

Ars Technica https://arstechnica.com/information-technology/2023/05/leak-of-msi-uefi-signing-keys-stokes-concerns-of-doomsday-supply-chain-attack/

Sophos (Security Company) https://nakedsecurity.sophos.com/2023/05/09/low-level-motherboard-security-keys-leaked-in-msi-breach-claim-researchers/

[Forbidden Wafer]

To the top.

 

[Forbidden Wafer]

Alternative reaction.

[WereCat]

ASUS be like

 

We're not alone in this mess!

[leadeater]

39 minutes ago, WereCat said:

We're not alone in this mess!

Asus: "At least we aren't MSI"

MSI: "At least we aren't Asus"

 

Ahh, you both failed lol

[jagdtigger]

1 hour ago, Forbidden Wafer said:

To the top.

 

This reminds me, @LinusTech whats up with that plastic dragon?

Spoiler

For those who dont know what i am talking about:

 

 

Edited May 12, 2023 by jagdtigger

[StDragon]

3 hours ago, jagdtigger said:

This reminds me, @LinusTech whats up with that plastic dragon?

  Reveal hidden contents

For those who dont know what i am talking about:

 

 

I vote for lighting it on 

[tzenrick]

I was hoping to hear something about this on WAN Show. We're in After Dark, now, and I haven't heard anything yet....

[bcredeur97]

Has anyone noticed MSI seems to get hacked/compromised in some way like all the time? I feel like I hear *something* about them every year

[Winterlight]

Well but how it affect if you downlaod from legit MSI website ? Mostly is people fault that they downlaod random trash from random website.
I think this leak not affect at all if you always download app only from legit website.

Rule number 1 always double check on what you click before open website. That some result appears on top  for example in Google search is not all time mean that they are legit website. Over all don't download any pirate software, game, movies, music, etc and you will reduce risk to very minimal.

[williamcll]

Does this make ASRock the least problematic?

[TVwazhere]

1 hour ago, williamcll said:

Does this make ASRock the least problematic?

Least relevant*

[Fasterthannothing]

On 5/12/2023 at 11:09 PM, tzenrick said:

I was hoping to hear something about this on WAN Show. We're in After Dark, now, and I haven't heard anything yet....

Honestly the wan show isn't what it used to be. Half of the important tech news goes unreported on that show

[MageTank]

2 hours ago, TVwazhere said:

Least relevant*

Hey, some of the best memory overclocking I have ever done has been on an ASRock board. I'll take their OC Formula's over any Apex board any day and I'll die on that hill, lol.

 

Sure, their LLC might not be functional when not using auto, and sometimes their context menus break and change to Korean in between overclocking sessions, but 50% of the time, their hardware works every time.

[spaghet rat]

On 5/15/2023 at 6:20 AM, williamcll said:

Does this make ASRock the least problematic?

*least everything

[spaghet rat]

On 5/15/2023 at 11:10 AM, MageTank said:

Korean

mandarin

[MageTank]

16 hours ago, spaghet rat said:

mandarin

No, it was definitely Korean, unless "KR" means something else now.

[IkeaGnome]

56 minutes ago, MageTank said:

No, it was definitely Korean, unless "KR" means something else now.

Kinda Really Mandarin?

/s

[spaghet rat]

28 minutes ago, IkeaGnome said:

Kinda Really Mandarin?

/s

i mean asrock is taiwanese idk why korean bios lmao

[MageTank]

4 hours ago, spaghet rat said:

i mean asrock is taiwanese idk why korean bios lmao

You are aware that you can select many different languages in your BIOS, right? The manufacturers language doesn't matter. My point is, poor memory training can allow a system to POST but breaks the context menu of the BIOS to change the entire language despite never being touched manually. Happened several times on my old Z370 Fatality K6.