57 MSI laptop models are insecure as they can be hacked with UEFI attacks

by time news

2023-05-09 02:29:20

The Money Message extortion group attacked MSI in March, claiming to have taken 1.5TB of data, including firmware, source code, and databases. When the $4 million ransom demand was not met, the ransomware group began publishing the stolen material on its data leak website. The stolen information included the source code of the firmware used in MSI motherboards. The leaked source code also contained Intel Boot Guard private keys for 116 MSI devices, as well as image signing private keys for 57 MSI products.

Intel Boot Guard is a crucial security feature of modern Intel hardware, intended to stop the loading of malicious code known as UEFI rootkits. It is essential for meeting the Windows UEFI Secure Boot requirements. Malicious firmware can persist long after an operating system is restored,

Intel Boot Guard confirms the validity of a firmware image by checking, with a public key embedded in Intel hardware, whether the image was signed with a legitimate private signing key. Firmware can only be loaded on the device after it has been verified; otherwise, the firmware is blocked. Intel is actively investigating the recent disclosure of private keys related to the Intel Boot Guard security feature. The public keys needed to validate software signed with the disclosed keys are believed to be hardwired into Intel's hardware, which makes the published keys a serious problem. On devices that use the disclosed keys, the reliability of the security feature is at risk unless these keys can be changed.

On Twitter, Binarly posted a warning about the possible effects of the stolen keys on the Intel Boot Guard system. According to the alert, an attacker can sign modified firmware for affected devices using the disclosed private keys, bypassing Intel Boot Guard verification and rendering the technology useless.

Most threat actors may find no use for the exposed keys, but skilled attackers have employed malicious firmware in the past, including the authors of the CosmicStrand and BlackLotus UEFI malware. Binarly has released a list of 116 MSI products that are allegedly affected by the stolen Intel Boot Guard keys. Because attackers can now create malicious firmware updates for vulnerable devices without worrying about detection by the security feature, the leak underscores the urgent need for Intel and MSI to address the potential hole in Intel Boot Guard protection. The breach may have left Intel Boot Guard ineffective on MSI devices with 11th-generation Tiger Lake, 12th-generation Alder Lake, and 13th-generation Raptor Lake CPUs.

