The Potential Leaked MSI Gaming Keys for Intel-based Firmware Highlight Long-Term Concerns with Firmware Security
Background
Recently, the ransomware gang “Money Message” allegedly leaked Intel Boot Guard private keys for 116 MSI products, bringing concerns about firmware security to light. The leak is said to include image-signing private keys for 57 MSI products as well. If attackers get hold of these MSI-related Intel Boot Guard signing keys, they could potentially load vulnerable firmware onto affected devices. This attack vector could be damaging in the long term and presents a significant firmware security problem for years to come.
What is Intel Boot Guard?
Intel Boot Guard is a hardware-based security technology designed to protect computers against executing tampered-with, non-genuine Unified Extensible Firmware Interface (UEFI) firmware. The technology aims to prevent attackers from modifying the BIOS. Because the BIOS runs before the device’s OS, vulnerable code there sits at the most basic level of the device and is therefore challenging to patch or defend against.
Long-Term Concerns
Security experts have said that the potential leak of MSI Gaming keys for Intel-based firmware is concerning for firmware security in the long term. The theft of signing keys, particularly for something that can only be updated in firmware (an update few people will perform), usually entails a long tail of incidents for years after disclosure.
Impact of the Leak
If threat actors get hold of the MSI-related Intel Boot Guard signing keys, they could potentially load vulnerable firmware that appears to be signed by the vendor, and thus legitimate, onto affected devices. This could leave devices highly vulnerable to cyberattacks, as the BIOS runs even before a device’s OS, making it difficult to patch or defend against.
Recommendations
To mitigate any risks from the incident, organizations should ensure they have a trusted process for all digital assets, including IoT/OT. Other forms of protection, such as monitoring and network access control, should also help prevent exploitation of the leaked keys. Additionally, firmware and other private keys should be kept separate from code as much as possible to mitigate the risk of theft. Applying patches is often overlooked, yet it is primarily the best defense against potential future attacks and another way organizations can defend against firmware attacks.
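One way to check the "keys separate from code" recommendation is to scan a source tree for PEM private key headers before it is committed or archived. The sketch below is an added example, not code from MSI, Intel or the original article; the directory layout, file names and placeholder key bodies are constructed for illustration.

```python
import os
import re
import tempfile

# PEM armor that marks private key material: PKCS#8, encrypted PKCS#8,
# and the legacy RSA / EC / DSA / OpenSSH containers.
PEM_PRIVATE = re.compile(
    rb"-----BEGIN (?:(?:RSA|EC|DSA|OPENSSH|ENCRYPTED) )?PRIVATE KEY-----")
MAX_BYTES = 4 * 1024 * 1024  # read at most 4 MiB per file

def find_private_keys(root):
    """Return sorted paths (relative to root) of files holding a PEM private key."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip VCS metadata
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # do not follow links out of the tree
            try:
                with open(path, "rb") as fh:
                    data = fh.read(MAX_BYTES)
            except OSError:
                continue  # unreadable file: nothing to report
            if PEM_PRIVATE.search(data):
                hits.append(os.path.relpath(path, root))
    return sorted(hits)

def build_sample_tree(root):
    """Write a small constructed source tree; key bodies are placeholders."""
    files = {
        "keys/oem_signing.pem": "-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n-----END RSA PRIVATE KEY-----\n",
        "keys/oem_signing.pub.pem": "-----BEGIN PUBLIC KEY-----\nPLACEHOLDER\n-----END PUBLIC KEY-----\n",
        "src/update.c": 'static const char k[] = "-----BEGIN PRIVATE KEY-----\\nPLACEHOLDER";\n',
        "src/main.c": "int main(void) { return 0; }\n",
    }
    for rel, text in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for hit in find_private_keys(tmp):
            print("private key material in source tree:", hit)
```

The check only covers PEM-encoded keys in the working tree; DER-encoded keys and keys already present in version-control history need separate handling.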
Conclusion
The potential leak from MSI Gaming of signing keys for an important security feature in Intel-based firmware could cast a shadow on firmware security for years to come. Organizations must take firm steps toward securing their devices’ firmware, including keeping keys separate from code and ensuring patches are up to date to prevent potential future attacks.