The recent data breach experienced by major motherboard manufacturer MSI has led to a leak of low-level motherboard security keys. According to researchers at vulnerability research company Binarly, the breach resulted in the theft of MSI source code, BIOS development tools, and private keys.
Binarly claims to have extracted numerous signing keys from the data in its possession, including one Intel OEM key, 27 image signing keys, and 4 Intel Boot Guard keys. These leaked keys control firmware debugging on 11 different motherboards and run-time verification of firmware codes for 116 different MSI motherboards.
Furthermore, crooks have now leaked an Orange Mode key that enables low-level boot-time debugging on 11 different motherboards supplied by HP, Lenovo, Star Labs, AOPEN, and CompuLab. This development suggests that attackers might be able to trick firmware updating tools into installing what looks like a genuine firmware update and trick the motherboard into allowing rogue firmware to load, even if the update patches the Initial Boot Block itself.
Modern Intel-based motherboards can be protected by multiple layers of cryptographic safety. The first layer is BIOS Guard, which only allows code that’s signed with a manufacturer-specified cryptographic key to get write access to the flash memory used to store Initial Boot Block or IBB. The second layer is Boot Guard, which verifies the code loaded from the IBB.
However, the leak of cryptographic keys in the MSI breach has compromised the security of modern Intel-based motherboards. Once the Boot Guard public keys are burned into your motherboard, they can’t be updated, so if their corresponding private keys are compromised, there’s nothing you can do to correct the problem.
To solve this, experts recommend obtaining firmware/BIOS updates only from the official website of the hardware manufacturer. While the loss of signing keys is a major concern, hardware manufacturers must ensure that their official websites remain secure to prevent further disconcerting security breaches.
The MSI breach is a wake-up call for manufacturers of hardware storing personal and sensitive information. The leak of low-level motherboard security keys shows that cyber security threats have evolved beyond software-based risks and now infiltrate hardware systems. Therefore, hardware manufacturers must understand the risk their products face with every cyber attack and undertake measures that can prevent adversaries from accessing the sensitive information stored on hardware.
<< photo by Athena >>
You might want to read !
- “Iran’s BellaCiao: A Closer Look at the Evolution of Threat Groups’ Malware Tactics”
- Microsoft Releases Second Outlook Zero-Day Patch Attempt
- “FBI foils Moscow’s intricate cyber espionage plot”
- North Korean Hackers Suspected in Major Data Breach at Seoul Hospital
- Law Firm Whiteford Taylor & Preston LLP Discloses Data Breach Incident
- T-Mobile Suffers Another Hack, Raising Concerns About Customer Data Protection
- “Intel Boot Guard Key Leak Raises Long-Term Security Concerns”
- The Danger of Google Ads: LOBSHOT backdoor used to lure Corporate Workers
- Mandiant CEO claims China has redefined its approach to cyberattacks
- “CISA Aims to Bridge the Cybersecurity Gap for Small Businesses and Local Governments”