Intel is allegedly investigating a data leak where sensitive BootGuard private keys were published on the dark web.
These private keys are designed to protect devices from UEFI bootkits, malware that is installed in device firmware and so persists even after the hard drive is replaced.
The news was reported by BleepingComputer, without explaining what the investigation is about. In response to the attack, Intel told the publication that “it should be noted that Intel BootGuard OEM keys are generated by the system manufacturer and are not Intel’s signature keys.”
All we know is that a ransomware operator known as Money Message broke into hardware manufacturer MSI earlier this year and stole sensitive data.
The group claims to have stolen 1.5TB of sensitive information, including source code, firmware information, and various databases. The group allegedly demanded a $4 million ransom in exchange for not posting the stolen files on the dark web.
MSI rejected the offer, claiming that the attack and the stolen files did not pose a real threat to its business operations. In response, cybercriminals made the files public.
Subsequently, various cybersecurity researchers began to analyze the leaked data, and some found image signing private keys for 57 MSI products and Intel Boot Guard private keys for 116 MSI products.
Researcher Alex Matrosov told BleepingComputer that the leak could render Boot Guard ineffective on “11th Tiger Lake, 12th Alder Lake, and 13th Raptor Lake” processors.
“We have evidence that the MSI data breach is affecting the entire Intel ecosystem. This is a direct threat to MSI customers and unfortunately not only to them,” he said. “fw image signing keys allow an attacker to create malware firmware updates and can be delivered through the normal bios update process using MSI update tools.
“The Intel Boot Guard key leak affects the entire ecosystem (not just MSI) and renders this security feature useless.”
By: BleepingComputer