Security
Now Reading
Hackers Leaked MSI’s Private Signing Keys From Its Recent Breach
Contents
0

Hackers Leaked MSI’s Private Signing Keys From Its Recent Breach

by Low Boon ShenMay 8, 2023
What's your reaction?
Me Gusta
0%
WOW
0%
Potato
0%
Sad Reacc
0%
Angery
0%

Hackers Leaked MSI’s Private Signing Keys From Its Recent Breach

Any firmware signed with the leaked keys may potentially evade security checks as they can be deemed as verified.

Hackers Leaked MSI's Private Signing Keys From Its Recent Breach

Image: PCMag

Previously, ransomware group Money Message raided MSI’s internal servers and claimed to have siphoned internal data which includes source code and private signing keys used for firmware verification. A refresher – private keys, much like how standard encryption works, ensures that the sensitive files, such as BIOS firmware are authentic to prevent malicious actors from performing persistent rootkit attacks. The group claimed that the Taiwanese company refused to pay the $4 million fee and the stolen data is thus published in the dark web.

Upon inspection of the leaked files from cybersecurity firm Binarly, the company has confirmed that private signing keys for 57 of MSI’s products are among the data contained in the leak. The list, which is published on Github, reveals that all models affected are laptops. No desktop motherboard firmware has been affected in this leak.

Hackers Leaked MSI's Private Signing Keys From Its Recent Breach 21

Image: Binarly (Twitter @binarly_io)

This means that hackers can distribute malicious versions of firmware signed with these keys – and affected systems will treat them as legitimate as if they were signed by MSI themselves. Aside from the laptops themselves, some of the keys are in fact belonged to Intel Boot Guard and covers up 116 of MSI’s products (all of which are laptops). Binarly has noted that such keys is used across the industry – so there may potentially wider impact among Intel-based machines.

Binarly CEO Alex Matrosov, replying to PCMag has noted that not much can be done on MSI’s part. “I think for MSI it will be a complicated situation since to deliver new signing keys they still need to use leaked ones,” he said. “I don’t believe they do have any revocation mechanisms.”

Source: PCMag

Pokdepinion: Updating firmware on MSI laptops is about to get a whole lot messier knowing this – will be hard to tell the scale of potential impact from this incident.

About The Author
Low Boon Shen
Is technology powered by a series of tubes?