Intel investigating leak of Intel Boot Guard private keys after MSI breach

Topic

New Reply

https://www.bleepingcomputer.com/news/security/intel-investigating-leak-of-intel-boot-guard-private-keys-after-msi-breach/

Intel is investigating the leak of alleged private keys used by the Intel Boot Guard security feature, potentially impacting its ability to block the installation of malicious UEFI firmware on MSI devices.

In March, the Money Message extortion gang attacked computer hardware make MSI, claiming to have stolen 1.5TB of data during the attack, including firmware, source code, and databases.

As first reported by BleepingComputer, the ransomware gang demanded a $4,000,000 ransom and, after not being paid, began leaking the data for MSI on their data leak site.

Last week, the threat actors began leaking MSI’s stolen data, including the source code for firmware used by the company’s motherboards…

On Friday, Alex Matrosov, the CEO of firmware supply chain security platform Binarly, warned that the leaked source code contains the image signing private keys for 57 MSI products and Intel Boot Guard private keys for 116 MSI products.

“Intel is aware of these reports and actively investigating. There have been researcher claims that private signing keys are included in the data including MSI OEM Signing Keys for Intel® BootGuard,” Intel told BleepingComputer in response to our questions about the leak.

“It should be noted that Intel BootGuard OEM keys are generated by the system manufacturer, and these are not Intel signing keys.”

Matrosov said that this leak may have caused Intel Boot Guard not to be effective on MSI devices using “11th Tiger Lake, 12th Adler Lake, and 13th Raptor Lake” CPUs…

2 users thanked author for this post.

GeeBeeDee, Fred

Reply | Quote