Intel is investigating a data leak in which private keys for Intel Boot Guard were published by the darknet group Money Message. The leak contains private signing keys, including the MSI OEM key for Intel Boot Guard, and renders the security feature useless, leaving MSI customers vulnerable to cyber attacks.
Various security researchers indicate that the private keys can allow attackers to create malicious firmware updates, which can then be delivered through the usual BIOS update process using MSI update tools. Intel Boot Guard keys affect the entire ecosystem, and the leak may make Boot Guard ineffective on 11th-generation Tiger Lake, 12th-generation Alder Lake, and 13th-generation Raptor Lake processors.
MSI has confirmed the breach and has warned its customers about the potential cyber attack. MSI has launched “appropriate protection mechanisms” and is gradually restoring systems to normal operation.
Binarly, a cybersecurity company, analyzed the leaked files and confirmed that the leak contains private code-signing keys for 57 MSI products. MSI uses these keys to confirm that a firmware update comes from the company. Otherwise, the computer may mark the software as untrusted and potentially harmful.
In early April, the Money Message group reported that it had stolen about 1.5 TB of data from MSI systems and demanded a ransom of $4 million. MSI refused to pay the ransom, stating that the attack and stolen files posed no real threat to the company’s business operations. In response, the attackers released the files.
Intel is aware of the leak and is conducting an active investigation. According to Intel, Intel Boot Guard OEM keys are generated by the system manufacturer and are not Intel signing keys. The leak affects the entire Intel ecosystem and is a direct threat to MSI customers.