Last month, hackers stole confidential software signing keys for the company’s products from MSI’s servers. As Binarly experts found, the stolen material includes Intel Boot Guard keys, which are meant to provide hardware-based BIOS protection. Intel released an official statement on the incident yesterday.
The Money Message group that hacked MSI’s servers demanded a ransom of $4 million from the manufacturer, but the ransom was not paid. As a result, files stolen during the major MSI hack last month began circulating on the dark web. Among the most important finds in the stolen data are the Intel Boot Guard security keys. They are used to digitally sign software that runs before the operating system loads. Notably, MSI signed its BIOS updates with them so that the updates would pass the Intel Boot Guard security check.
Attackers can now use the keys to sign malicious BIOS images, firmware and applications that pass as official MSI versions. In addition, according to cybersecurity researchers, the leaked keys allow attacks on devices with 11th, 12th and 13th generation Intel Core processors. Not only MSI products but also those of other manufacturers can be affected by the compromised keys, experts warn.
However, on May 8th, Intel released an official statement saying that the keys are generated by OEMs (i.e. by MSI) and not by Intel: “Intel is aware of these reports and is actively investigating them. The researchers claim that private signing keys are included in the data, including MSI OEM signing keys for Intel Boot Guard. It should be noted that the Intel Boot Guard OEM keys are generated by the system manufacturer and are not Intel Signing Keys.”
Since last month’s hack, MSI has been encouraging customers to get firmware/BIOS updates only from its official website. MSI, a well-known manufacturer of personal computers, components and peripherals, was extorted by a hacker group called Money Message. The attackers stole 1.5 TB of data, including various source code files, private keys, and firmware development tools. Money Message reportedly asked for more than four million dollars to return all of the data to MSI.