Every other day, hackers are out there committing a new attack, exploiting a vulnerability, or attempting to extort people with ransomware. MSI is the latest victim, with hackers disclosing material acquired from a last-month breach of MSI's systems.
This has the potential to be a major situation. According to tweets from Binarly founder Alex Matrosov, at least some of the previously stolen 1.5TB of data has been vulnerable. Private keys, some of which seem to be Intel Boot Guard keys, are included in the data. The leak of such keys affects not only MSI computers but also those from other vendors like Lenovo and Supermicro. Supermicro reached out to PC Gamer stating that based on its current review, its products are not affected by this breach.
Boot Guard is a cryptographic system that prevents fraudulent UEFI firmware or modified BIOS from being executed on PCs. Bypassing these checks, an attacker could acquire complete access to a system, access secure data, or utilize it for any variety of illicit activities.
Given the potential of so-called secondary downloads, the use of UEFI keys is especially concerning. Using typical phishing or email delivery strategies, any malware produced as a result of a firmware update including these keys would appear genuine, and antivirus software would ignore it.
The data was released after a group called Money Message claimed responsibility for the hack of MSI's internal systems (via Bleeping Computer(opens in new tab)). MSI was ordered to pay the organization $4,000,000. The release of the data would suggest that MSI didn't pay up.
The consequences of this breach will take time to assess, not to mention the time it may take to devise mitigations. In the following days, we might expect statements from the relevant parties. Meanwhile, exercise caution and avoid downloading any BIOS, firmware, or system software from sources other than the authorized website. This is true of all system software, not just MSIs.