MSI 被黑客攻击后, 英特尔调查泄露的英特尔 Boot Guard 私钥

英特尔正在调查黑客’ claims that they have stolen MSI’s private keys used by the Intel Boot Guard. The fact is that such a leak may affect the ability to block malicious UEFI versions on MSI devices.

As it became known in early April 2023, the extortionate group Money Message announced that the Taiwanese manufacturer MSI (Micro-Star International) had been hacked. According to media reports, extortionists stole approximately 1.5 TB of data from the company and demanded a ransom of $4,000,000.

The attackers wrote that they had at their disposal “the MSI source code, including the BIOS development framework”, as well as “private keys that allow you to sign any custom module of this BIOS and install it on a PC with this BIOS.”

让我提醒你,我们也写过 安全启动在 MSI 主板上运行一年多了. Also the media wrote that Fake MSI Afterburner Infects UsersMachines with Miners and Stealers.

As Bleeping Computer now reports, the hackers did not receive a ransom from the company and began to publish stolen information in the public domain, including the source code for the firmware used by MSI motherboards.

英特尔启动保护键

Late last week, Binarly CEO Alex Matrosov warned that the leak contained image signing private keys 为了 57 MSI products and Intel Boot Guard private keys for 116 MSI products.

Matrosov explains that such a leak could result in Intel Boot Guard not working on MSI devices using Tiger Lake, Adler Lake, and Raptor Lake processors. Additionally, MSI’s Boot Guard keys appear to be affecting several device manufacturers, including Intel, Lenovo, 和 Supermicro.

英特尔启动保护键

We have evidence that the MSI data breach affected the entire Intel ecosystem. This is a direct threat to MSI customers and, unfortunately, not only to them. Signing keys for fw images allows attackers to create malicious firmware updates that can be delivered using the normal BIOS update process and MSI update tools. Leaking Intel Boot Guard keys affects the entire ecosystem (not just MSI) and renders this protective feature useless.the expert says.

The protective function Intel Boot Guard, built into modern Intel hardware, is designed to prevent the loading of malicious firmware, that is, UEFI bootkits, and is one of the main requirements of Windows UEFI Secure Boot.

The fact is that malicious firmware is loaded before the OS is loaded, which allows it to hide its activity from security software and remain present on the device even after reinstalling the operating system. To protect against this, Intel Boot Guard verifies that the firmware image is signed with a legitimate private signing key using the public key built into the Intel hardware.

The worst thing about the leak is that the public keys used to verify firmware signed with the now compromised keys are embedded in the Intel hardware. If they cannot be changed, Intel Boot Guard protection can no longer be relied upon.

Intel representatives told the media that they are aware of these expert warnings, and the company is already conducting its own investigation.

Researchers claim that the leaked data includes private keys, including MSI OEM signing keys for Intel® BootGuard. It should be noted that Intel BootGuard OEM keys are generated by the system manufacturer and are not Intel Signing Keys.say in the company

Supermicro representatives say they have also looked into the potential risks associated with this leak, and the company is confident that its products are not affected.

Binarly analysts have already published a list of affected MSI hardware, which includes 116 devices compromised as a result of leaked Intel Boot Guard keys.

关于作者

卡琳娜·威尔逊

随着超过 10 多年在线和印刷媒体写作经验, 我是提供清晰且引人注目的文案的专家.

我曾为一家领先的 SEO 文案机构撰写文章,也为一些英国最知名的品牌撰写文章, 杂志和报纸.

发表评论