On January 18, 2022, MSI revealed that its information systems had been attacked and over 500 GB of internal data had been stolen. The attackers demanded $4 million for non-disclosure, but MSI refused and some of the data were released to the public.
The data that was published included the original texts of firmware and related tools. Among the published data were closed keys of the company Intel that were transmitted by OEM manufacturers. These keys were used to certify digital signature of produced firmware and firmware to ensure secure download using the technology Intel Boot Guard.
The presence of firmware assumption keys makes it possible to form correct digital signatures for fictitious or altered firmware. Boot Guard keys allow you to circumvent the mechanism of launching only verified components at the initial loading stage which can be used, for example, to compromise the Verafi Secure Boot.
At least 57 products of MSI are affected, and the keys are BOOD Guard – 166 MSI products. It is suggested that the keys for Boot Guard are not limited to compromising MSI products and can also be used for attacks on equipment of other manufacturers using 11, 12, and 13 generations of Intel processors.
Open keys can be used for attacks on other vehicles using Intel CSME controller, such as OEM Unlock, ISH Firmware, and Smip. This includes other manufacturers like Intel, Lenovo, and Supermicro.
These concerns are being watched closely and investigated. Companies are urged to take necessary precautions to ensure that their information systems remain secure.