1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Intel investigating BootGuard security key leak following MSI hac

    From TechnologyDaily@1337:1/100 to All on Tue May 9 18:30:04 2023
    Intel investigating BootGuard security key leak following MSI hack

    Date:
    Tue, 09 May 2023 17:14:45 +0000

    Description:
    Intel BootGuard OEM keys are generated by the system manufacturer, and these are not Intel signing keys, the company claims.

    FULL STORY ======================================================================

    Intel is allegedly investigating a data leak that saw sensitive BootGuard private keys published on the dark web.

    These private keys are designed to protect the devices from UEFI bootkits, malicious software thats installed on the devices firmware, establishing persistence even if the hard drive is replaced.

    The news was broken by BleepingComputer , without elaborating what this investigation entails. In response to the attack, Intel told the publication it should be noted that Intel BootGuard OEM keys are generated by the system manufacturer, and these are not Intel signing keys." Useless features

    What we do know is that a ransomware operator known as Money Message broke into hardware manufacturer MSI earlier this year and stole sensitive data.

    The group claims it made away with 1.5TB of sensitive information, including source code, firmware intel, and various databases. In order not to publish the stolen files on the dark web, the group allegedly demanded $4 million in ransom.

    MSI turned the offer down, claiming the attack and the stolen files represented no real threat to its business operations. In response, the
    threat actors made the files public. Read more

    Clop ransomware may have infected even more victims than previously thought


    Saks Fifth Avenue becomes latest Clop ransomware victim


    Check out the best firewalls right now

    After that, different cybersecurity researchers started analyzing the leaked data, with some finding what appear to be image signing private keys for 57 MSI products and Intel Boot Guard private keys for 116 MSI products.

    Researcher Alex Matrosov told BleepingComputer that the leak could render
    Boot Guard ineffective on 11th Tiger Lake, 12th Adler Lake, and 13th Raptor Lake" processors.

    "We have evidence the whole Intel ecosystem is impacted by this MSI data breach. It's a direct threat to MSI customers and unfortunately not only to them," he said. "The signing keys for fw image allow an attacker to craft malicious firmware updates and it can be delivered through a normal bios update process with MSI update tools."

    "The Intel Boot Guard keys leak impacts the whole ecosystem (not only MSI)
    and makes this security feature useless." These are the best endpoint protection tools right now

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/intel-investigating-bootguard-security-key-leak -following-msi-hack


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)