Intel investigating BootGuard security key leak following MSI hack
Confirmation that Intel is investigating raises concerns
Intel is allegedly investigating a data leak that saw sensitive BootGuard private keys published on the dark web.
These private keys are designed to protect the devices from UEFI bootkits, malicious software that’s installed on the device’s firmware, establishing persistence even if the hard drive is replaced.
The news was broken by BleepingComputer, without elaborating on what this investigation entails. In response to the attack, Intel told the publication “it should be noted that Intel BootGuard OEM keys are generated by the system manufacturer, and these are not Intel signing keys.”
Useless features
What we do know is that a ransomware operator known as Money Message broke into hardware manufacturer MSI earlier this year and stole sensitive data.
The group claims it made away with 1.5TB of sensitive information, including source code, firmware intel, and various databases. In order not to publish the stolen files on the dark web, the group allegedly demanded $4 million in ransom.
MSI turned the offer down, claiming the attack and the stolen files represented no real threat to its business operations. In response, the threat actors made the files public.
After that, different cybersecurity researchers started analyzing the leaked data, with some finding what appear to be image signing private keys for 57 MSI products and Intel Boot Guard private keys for 116 MSI products.
Researcher Alex Matrosov told BleepingComputer that the leak could render Boot Guard ineffective on “11th Tiger Lake, 12th Alder Lake, and 13th Raptor Lake” processors.
“We have evidence the whole Intel ecosystem is impacted by this MSI data breach. It’s a direct threat to MSI customers and unfortunately not only to them,” he said. “The signing keys for fw image allow an attacker to craft malicious firmware updates and it can be delivered through a normal bios update process with MSI update tools.”
“The Intel Boot Guard keys leak impacts the whole ecosystem (not only MSI) and makes this security feature useless.”
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.