Security company Binarly claims that hackers who carried out a cyber attack on MSI’s systems in April captured both private keys and Intel BootGuard. The hackers published these keys and that would affect other PC manufacturers.
Binarly CEO Alex Matrosov writes on Twitter that 57 MSI products use the leaked private keys. These keys are used to sign MSI firmware on devices and are an important measure to ensure the security of company devices. Leaking it can lead to critical security holes because it gives attackers the opportunity to sign malicious software.
According to the man, 116 MSI products also use the leaked Intel BootGuard Keys. Intel BootGuard verifies the boot sequence of a computer with an Intel CPU. The software ensures that malware or other unauthorized software cannot make changes to a device’s UEFI firmware, ensuring its integrity.
Matrosov writes that the leak of the Intel BootGuard Keys at MSI also affects other companies in the industry. After all, they would use the same keys, which means that their devices are now also at increased risk.
At the beginning of April, MSI confirmed that it had fallen victim to a cyber attack. At the time, MSI did not say what kind of attack it was and who was behind it. MSI customers were strongly advised to only install firmware and bios updates from MSI’s official website. BleepingComputer was told by ransomware group Money Message that they were behind the attack. The group claimed to have stolen 1.5TB of data and demanded $4 million from MSI.