During an attack on MSI's information systems, the intruders extracted over 500 GB of the company's internal data, including firmware source code and the tools used to build it. The attackers demanded $4 million for non-disclosure; MSI refused, and some of the data was published publicly.
Among the published data were Intel private keys that MSI used to sign its firmware releases and to enforce a verified boot chain with Intel Boot Guard. Possession of the firmware signing keys makes it possible to produce valid digital signatures for forged or modified firmware. The Boot Guard keys allow bypassing the mechanism that permits only verified components to run at the earliest boot stage, which can be used, for example, to compromise UEFI Secure Boot.
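To make the point above concrete, the following added example (not code from the article, MSI or Intel) models a Boot Guard-style verification chain in Python with a deliberately small textbook RSA key. The model is a constructed simplification: the real key sizes, manifest formats and hash algorithms are not reproduced, and the "fused key hash", boot policy manifest and golden-measurement list are assumptions for illustration. It shows why signature verification alone cannot tell a vendor-signed image from one signed with a leaked key, and how comparing the measured boot block against known-good hashes (as measured-boot attestation does) still catches the change.

```python
import hashlib
import json

# Toy textbook RSA with two hard-coded Mersenne primes (2^127-1 and 2^107-1).
# Constructed for illustration only: far too small for real use.
P = (1 << 127) - 1
Q = (1 << 107) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent: the secret that leaked
OEM_PUBLIC_KEY = (N, E)


def digest_int(data: bytes) -> int:
    # SHA-256 truncated to 224 bits so the integer is always below N.
    return int.from_bytes(hashlib.sha256(data).digest()[:28], "big")


def sign(private_d: int, data: bytes) -> int:
    return pow(digest_int(data), private_d, N)


def verify(public_key, data: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == digest_int(data)


def key_hash(public_key) -> str:
    n, e = public_key
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()


# Assumed immutable platform root of trust: hash of the OEM key, fixed at manufacturing.
PLATFORM_FUSED_KEY_HASH = key_hash(OEM_PUBLIC_KEY)


def make_boot_policy(ibb: bytes, private_d: int) -> dict:
    # Boot policy manifest (assumed format): names the initial boot block hash, signed.
    body = json.dumps({"ibb_sha256": hashlib.sha256(ibb).hexdigest()}, sort_keys=True)
    return {"body": body, "signature": sign(private_d, body.encode())}


def boot_guard_verify(public_key, policy: dict, ibb: bytes) -> bool:
    # 1. the presented key must match the fused hash
    if key_hash(public_key) != PLATFORM_FUSED_KEY_HASH:
        return False
    # 2. the manifest must carry a valid signature from that key
    if not verify(public_key, policy["body"].encode(), policy["signature"]):
        return False
    # 3. the boot block must hash to the value the manifest names
    return json.loads(policy["body"])["ibb_sha256"] == hashlib.sha256(ibb).hexdigest()


def golden_measurement_check(ibb: bytes, golden_hashes: set) -> bool:
    # Defensive complement: compare the measured boot block against known-good hashes,
    # the way measured-boot attestation compares PCR values to a golden list.
    return hashlib.sha256(ibb).hexdigest() in golden_hashes


# Constructed sample data
GENUINE_IBB = b"constructed genuine initial boot block v1.0"
MODIFIED_IBB = b"constructed modified initial boot block"
GENUINE_POLICY = make_boot_policy(GENUINE_IBB, D)
GOLDEN = {hashlib.sha256(GENUINE_IBB).hexdigest()}


def scenario() -> dict:
    # Leaked-key scenario: a new manifest for a modified block is signed with D.
    resigned_policy = make_boot_policy(MODIFIED_IBB, D)
    return {
        "genuine_image_verifies": boot_guard_verify(OEM_PUBLIC_KEY, GENUINE_POLICY, GENUINE_IBB),
        "modified_image_old_manifest": boot_guard_verify(OEM_PUBLIC_KEY, GENUINE_POLICY, MODIFIED_IBB),
        "modified_image_leaked_key": boot_guard_verify(OEM_PUBLIC_KEY, resigned_policy, MODIFIED_IBB),
        "modified_image_golden_check": golden_measurement_check(MODIFIED_IBB, GOLDEN),
    }


if __name__ == "__main__":
    for name, result in scenario().items():
        print(f"{name}: {result}")
```

The third result is the one that matters for defenders: the modified block verifies cleanly because the chain only proves "signed by the key whose hash is fused", not "built by the vendor". Since the fused hash cannot be rotated on shipped boards, detection has to come from outside the signature chain, such as the golden-hash comparison in the last check.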
The firmware signing keys affect at least 57 MSI products, and the Boot Guard keys affect 166 MSI products. The Boot Guard keys are believed not to be limited to compromising MSI products: they could also be used for attacks on hardware from other manufacturers built on 11th, 12th, and 13th generation Intel processors (such as Intel, Lenovo, and Supermicro motherboards). In addition, the disclosed keys can be used against other verification mechanisms that rely on the Intel CSME (Converged Security and Management Engine) controller, such as OEM unlock, ISH (Integrated Sensor Hub) firmware, and SMIP (Signed Master Image Profile).