Intel BootGuard private keys leaked following MSI hack
Intel said it was "actively investigating" reports that OEM BootGuard keys were stolen and leaked by ransomware actors following a breach at motherboard maker MSI
Intel is investigating reports that private OEM BootGuard keys are in the wild following MSI's ransomware attack reported last month.
Taiwanese computer hardware company Micro-Star International (MSI) confirmed it suffered a cyberattack in a Taiwan Stock Exchange filing last month. Though MSI did not confirm the type of breach it suffered, the disclosure followed soon after a ransomware gang known as "Money Message" claimed on its data leak site that it stole source code and private keys from MSI and would leak them if the manufacturer didn't pay the ransom.
Data from the breach was apparently leaked last week. On Friday, Alex Matrosov, founder and CEO of security vendor Binarly, tweeted that a leaked OEM private key belonging to Intel's Boot Guard security feature has caused "an impact on the entire ecosystem."
BootGuard is a security feature in Intel platforms designed to prevent unauthorized firmware from executing during the UEFI boot process. According to an Intel white paper, "The policies of Intel BootGuard are rooted in Field Programmable Fuses, making them unalterable for the lifetime of a platform. Once provisioned, Intel Boot Guard cannot be disabled, and provisioned policies cannot be spoofed."
A spokesperson for Intel said in a statement that the manufacturer is "aware of these reports and actively investigating." Though the statement did not confirm that private keys are in the wild, Intel noted that "Intel BootGuard OEM keys are generated by the system manufacturer, and these are not Intel signing keys."
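The two quoted statements above (policies rooted in fuses that cannot be altered after provisioning, and OEM-generated rather than Intel-held keys) together explain why a leaked OEM key matters. The following is an added illustration written for this article, not Intel's, MSI's or any vendor's code: a toy model in which the platform's fuses hold only the hash of the OEM public key, and the boot block is accepted only if the key shipped in the firmware hashes to that value and its signature verifies. The fuse store, the textbook RSA-over-SHA-256 signatures, the 512-bit toy keys and the sample boot-block bytes are all constructed assumptions; real Boot Guard uses a key manifest and boot policy manifest chain that this model collapses into one signed block.

```python
"""Toy model of a fuse-anchored firmware root of trust (added example, not
Intel's or any OEM's code). All keys, fuse values and boot-block bytes here
are constructed for illustration."""
import hashlib
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int


@dataclass(frozen=True)
class PrivateKey:
    n: int
    d: int


def _is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin test; adequate for a toy key, not for production use."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits: int) -> int:
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits: int = 512, seed=None):
    """Textbook RSA toy key (seeded so the walkthrough is reproducible)."""
    if seed is not None:
        random.seed(seed)
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return PublicKey(p * q, e), PrivateKey(p * q, pow(e, -1, phi))


def _digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(priv: PrivateKey, data: bytes) -> int:
    return pow(_digest_int(data), priv.d, priv.n)


def verify(pub: PublicKey, data: bytes, sig: int) -> bool:
    return pow(sig, pub.e, pub.n) == _digest_int(data)


def key_hash(pub: PublicKey) -> bytes:
    """The only thing the platform keeps: a hash of the OEM public key."""
    n_bytes = pub.n.to_bytes((pub.n.bit_length() + 7) // 8, "big")
    return hashlib.sha256(n_bytes + pub.e.to_bytes(4, "big")).digest()


def provision_platform(oem_pub: PublicKey) -> dict:
    """One-time, irreversible step modelling the fuse burn (constructed)."""
    return {"oem_key_hash": key_hash(oem_pub)}


def boot_accepts(fuses: dict, shipped_pub: PublicKey, ibb: bytes, sig: int) -> bool:
    """Boot-time check: the public key carried in the firmware image must hash
    to the fused value, and must verify the initial boot block (IBB)."""
    if key_hash(shipped_pub) != fuses["oem_key_hash"]:
        return False
    return verify(shipped_pub, ibb, sig)


def leak_scenarios() -> dict:
    """Walk through the cases the article describes; maps case name -> accepted."""
    oem_pub, oem_priv = generate_keypair(seed=1)
    fuses = provision_platform(oem_pub)
    genuine = b"constructed: OEM-built initial boot block v1.0"
    tampered = b"constructed: modified initial boot block"
    results = {}
    # Genuine OEM build: key matches the fuse, signature verifies
    results["genuine_oem_signed"] = boot_accepts(fuses, oem_pub, genuine, sign(oem_priv, genuine))
    # Modified block reusing the genuine signature: signature no longer matches
    results["tampered_without_key"] = boot_accepts(fuses, oem_pub, tampered, sign(oem_priv, genuine))
    # Block signed with some other key: the fuse pins the OEM key, so rejected
    other_pub, other_priv = generate_keypair(seed=2)
    results["other_key"] = boot_accepts(fuses, other_pub, tampered, sign(other_priv, tampered))
    # Block signed with the leaked OEM key: indistinguishable from a genuine build
    results["leaked_oem_key"] = boot_accepts(fuses, oem_pub, tampered, sign(oem_priv, tampered))
    # OEM rotates to a fresh key: fielded platforms reject it, because the fuse
    # still holds the old hash; this is why the leak cannot be patched away
    new_pub, new_priv = generate_keypair(seed=3)
    results["rotated_oem_key"] = boot_accepts(fuses, new_pub, genuine, sign(new_priv, genuine))
    return results


if __name__ == "__main__":
    for name, ok in leak_scenarios().items():
        print(f"{name:22s} -> {'accepted' if ok else 'rejected'}")
```

The last two cases carry the article's point: the verifier has no way to tell a leaked-key signature from a genuine one, and because the trust anchor is a fuse-burned hash rather than a replaceable certificate, the OEM cannot rotate the key on devices already in the field. Detection therefore has to come from outside the boot chain, such as comparing deployed firmware images against known-good OEM releases, which is the kind of below-the-OS visibility the vendors quoted later in the article describe.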
"⛓️ Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem. It appears that Intel BootGuard may not be effective on certain devices based on the 11th Tiger Lake, 12th Alder Lake, and 13th Raptor Lake. Our investigation is ongoing, stay tuned for updates. https://t.co/rkxZIpReE8" -- Alex Matrosov (@matrosov), May 5, 2023
MSI did not respond to TechTarget Editorial's request for comment.
In an email, Matrosov said that leaked keys related to the MSI breach affect multiple hardware vendors and models, including HP's t430 and t638 Thin Client models; Lenovo's Ideacentre AIO 330-20IGM, 310s-08igm, and a340-24igm models; Lenovo v330 and v130 laptops; CompuLab fitlet2 IoT Gateway; and Star Labs' StarLite Ultrabooks MkIII and MkIV.
"The keys related to MSI that have been leaked are breaking hardware-based security features, such as Intel Boot Guard," he said. "This renders the security measures useless and allows attackers to cause supply chain attacks on the devices."
Matrosov additionally referenced a similar Lenovo source code leak -- which included Intel BootGuard keys -- late last year. He said Binarly plans to publish further information on the MSI leak next week.
John Loucaides, senior vice president of strategy at supply chain risk management vendor Eclypsium, told TechTarget Editorial that the company verified that the private BootGuard keys in the leaked MSI data were authentic.
"While we are still working to verify the complete list and impacted products, we have verified that BootGuard keys have leaked," he said. "It makes sense that these keys would be included with other sensitive IP, but we needed to verify that these are the same keys used in production firmware images. So far, that seems to be checking out correctly."
He added that the leak of BootGuard keys, even OEM keys, is a "big deal" due to the access BootGuard has. "The underlying threat is that attackers will create malicious firmware that appears valid and works on various systems. This is a real threat, and it has happened many times before," he said, referencing a recent Eclypsium blog post on firmware attacks.
"A significant issue with this attack vector is that most cyber security products will not have any visibility into such attacks below the OS. Both Eclypsium and Binarly are doing deeper analysis to gain visibility into such attacks and allow organizations to respond more quickly. So far, we have not seen the malicious firmware images related to this leak in the wild. However, that's likely only a matter of time."
Alexander Culafi is a writer, journalist and podcaster based in Boston.