MSI Data Breach Might Have Leaked Intel Bootguard Private Keys

MSI data breach might have leaked Intel BootGuard private keys. A recent ransomware attacks suffered by MSI may just have leaked some really key Intel codes.

MSI Data Breach

The recent ransomware attack on MSI, a computing giant, which the company has said had resulted in, “no significant impact on the business in terms of finances or operations,” actually did after all have a really significant business impact.

Cybersecurity researchers following the attack as well as the subsequent data leak in April 2023, started going through the data for interesting tidbits. And one such individual, Alex Matrosov, has now taken to Twitter to state that the BootGuard private keys of Intel were probably leaked with the database.

“The data has now been made public, revealing a vast number of private keys that could affect numerous devices,” he reportedly tweeted. “FW Image Signing Keys: 57 products; Intel BootGuard BPM/KM Keys: 166 products.”

Devices Affected By the Leak According To the Researchers

The researcher also explained which of the devices that could be affected by the leak, thus saying that “it appears that Intel BootGuard may not be effective on certain devices based on the 11th Tiger Lake, 12th Adler Lake, and 13th Raptor Lake. Our investigation is ongoing, stay tuned for updates.”

Binarly, an automated firmware supply chain security platform, joining in on all of the action twitted that the “leaked Intel BootGuard keys from MSI are affecting many different device vendors, including Intel, Lenovo, Supermicro, and many others industry-wide.”

What Is Intel Boot Guard

On ServeTheHome, Intel Boot Guard is described as a “formof protection” that is very much similar to Secure Boot, with the main difference here being Boot Guard requiring an Authenticated Code Module, that is signed cryptographically, by Intel.

“It could mean that attackers can sign tampered systems and then gain access to what would be considered a secure system,” the publication however claims.

And while everyone seems to be up in arms over these new findings, stating that the leak could have “enormous downstream impact”, and we are still waiting for confirmation that the keys in question are actually authentic. The Twitter account of Intel is at the moment silent on the matter.

MSI Filed A Document with the Taiwanese Stock Exchange A Month Ago

The Taiwanese computing hardware powerhouse MSI roughly just a month ago, filed a document with the Taiwanese Stock Exchange, thus breaking the news of the ransomware as well as the subsequent data theft.

How Does A Breach Happen?

Data breaches can happen in various ways and one example would be that of an employee making use of a computer of a coworker and then reading files without having the correct and right authorization permissions. With that being said, the access as you should know is unintentional and no information is shared here. And due to the fact that it was viewed by an unauthorized user, the data here is considered to be breached. It is that simple.



Please enter your comment!
Please enter your name here