Hackers Leak Private Keys; Many MSI Products at RiskLeak Includes Intel Boot Guard and OEM Image Signing Keys for Over 200 Products
The security of hundreds of Micro-Star International products is at risk due to hackers leaking private code signing keys stolen during a data breach last month.
The Money Message ransomware group began leaking stolen data last Thursday after "no agreement" was reached with the Taiwanese PC vendor, the group said on its data leak site. The group in April claimed responsibility for the attack and demanded a $4 million ransom.
Binarly, a cybersecurity company specializing in firmware supply chain security, analyzed the leaked data and discovered leaked private keys affecting various device vendors including Intel, Lenovo, Super Micro Computers and many others.
According to Binarly CEO Alex Matrosov, the company found in the data dump a trove of private keys that could affect numerous devices, including firmware image signing keys for 57 products and Intel Boot Guard keys affecting 166 MSI products.
Matrosov later "confirmed" the findings and said that the leak had affected the firm's entire ecosystem. "It appears that Intel BootGuard may not be effective on certain devices based on the 11th Tiger Lake, 12th Adler Lake and 13th Raptor Lake," he tweeted. These are all code names for Intel's 11th-, 12th- and 13th-generation core processors.
Binarly published a complete list of affected MSI devices, including gaming laptops and mobile workstations, on its GitHub page.
This is the second leak of Key Manifest private encryption keys used to secure Intel's Boot Guard platform.
Impact of the Leak
Binarly's analysis showed the leak contained the Key Manifest and Boot Policy Manifest signing keys, which can be used to sign malicious firmware images to surpass Intel Boot Guard's verification.
Independent security researcher Mark Ermolov, who focuses on Intel systems, agreed with these findings and added, "It seems this leak affects not only Intel Boot Guard technology, but all OEM signing-based mechanisms in CSME, such as OEM unlock (Orange Unlock), ISH firmware, SMIP and others."
Security researcher Francisco Falcon said this leak is "huge" because the private keys are burned into the ACM hardware and therefore cannot be replaced. The private keys on which the entire boot process is verified are compromised "forever," Falcon tweeted.
MSI did not respond to Information Security Media Group's request for confirmation and additional details on Binarly's findings and information about whether any workarounds are available and where MSI is in the process of fixing the issue and rotating the private signing keys.
MSI earlier warned customers to get their BIOS and firmware updates from official sources and "not to use files from sources other than the official website."
Intel said it is "actively investigating" the event. "There have been researcher claims that private signing keys are included in the data, including MSI OEM Signing Keys for Intel BootGuard. It should be noted that Intel BootGuard OEM keys are generated by the system manufacturer, and these are not Intel signing keys," it said.