A massive data breach has left Intel scrambling for solutions

A security breach in March robbed MSI of up to 1.5TB of sensitive data. However, MSI is not the only company impacted.

As a result of the breach, Intel is now investigating a major leak of Intel Boot Guard keys. The extent of the damage is still unclear, but the worst-case scenario is that the security feature is now useless on compromised devices — and that’s a pretty lengthy list.

⛓️Digging deeper into the aftermath of the @msiUSA data breach and its impact on the industry.

🔥Leaked Intel BootGuard keys from MSI are affecting many different device vendors, including @Intel, @Lenovo, @Supermicro_SMCI, and many others industry-wide.

🔬#FwHunt is on! https://t.co/NuPIUJQUgr pic.twitter.com/ZB8XKj33Hv

— BINARLY🔬 (@binarly_io) May 5, 2023

This whole fiasco seems to have begun with the MSI data breach that took place earlier this year. The Money Message extortion gang targeted MSI in March, saying that it managed to steal around 1.5TB of sensitive data. It demanded a ransom of $4 million to not leak the data to the public.

MSI refused to give in and didn’t pay the ransom, and unfortunately, the hacker gang followed through and started leaking the firmware source code of MSI’s motherboards.

According to Alex Matrosov, the CEO of Binarly, a security platform, the source code may have contained some really sensitive information, such as Intel Boot Guard private keys for 116 MSI products.

Intel Boot Guard prevents the loading of malicious firmware on Intel hardware. The fact that it’s now compromised makes this as much Intel’s problem as it is MSI’s. If threat actors gain access to these keys, they might be able to create powerful malware that’s capable of bypassing Intel’s security measures.

Matrosov claims that Intel Boot Guard may now be ineffective on some of Intel’s best processors, including Tiger Lake, Alder Lake, and Raptor Lake chips running on MSI-based devices.

In a statement to Bleeping Computer, Intel said: “Intel is aware of these reports and actively investigating. There have been researcher claims that private signing keys are included in the data, including MSI OEM Signing Keys for Intel BootGuard. It should be noted that Intel BootGuard OEM keys are generated by the system manufacturer, and these are not Intel signing keys.”

It’s hard to say precisely how big of an impact this leak might have. It’s possible that it opened the door to the creation of malware that can skip right past Intel Boot Guard, and that could be dangerous for affected devices.

If you’re using a build with an MSI motherboard and an Intel chip, take the usual security measures to stay safe. This includes not downloading files from sources you don’t trust and regularly scanning your computer with antivirus software, if you’re using any. We’ll have to wait for Intel and MSI to share more information on the data breach in order to know what happens next.

Monica J. White
Monica is a UK-based freelance writer and self-proclaimed geek. A firm believer in the "PC building is just like expensive…