MSI private keys has been leaked - be on alert, if you own anything MSI

1 Like

Thanks for this info. MSI published a BIOS update for the “B450-A PRO MAX” this Monday. Could be related.

3 Likes

Yeah…Hopefully it’s not some hacked keys + website one though, be very cautious… :laughing:

honka_animated-128px-46

More detailed info can be found here:

  1. MSI confirms security breach following ransomware attack

  2. Intel investigating leak of Intel Boot Guard private keys after MSI breach

  3. Fefe (aka Felix Leitner, IT-security expert) reacts to this on his blog:

Does anyone here use MSI products? They just had their private keys stolen.

This includes the Intel OEM private key for Bootguard.

If someone’s private key is stolen, it means that the private key was accessible from the net. For this alone you should cross this company directly and forever from your shopping list. But even if you don’t buy from MSI, but let’s say from Lenovo or Supermicro: The key is now leaked. Thanks, MSI!

1 Like

That means all Intel based systems are at potential risk?

Those that use “Intel Boot Guard” are at risk.

Of course, make sure you understand what “at risk” means in this scenario.

2 Likes

Intel Boot Guard is a hardware-based security technology aimed to protect computers against executing tampered-with, non-genuine Unified Extensible Firmware Interface (UEFI) firmware, “which could happen in case a possible attacker has bypassed protection against modification of BIOS,”

It’s some of their proprietary crap, so who knows.

1 Like

Got it. Thanks @dalto and @keybreak

1 Like