Now Reading
A Blow to UEFI Safe Boot Safety

A Blow to UEFI Safe Boot Safety

2023-05-06 12:39:14

In April, MSI fell sufferer to a cyberattack perpetrated by the ransomware group Cash Message, who efficiently infiltrated MSI’s inner methods and exfiltrated a staggering 1.5TB of knowledge, predominantly comprising supply code.

These days, ransomware sometimes exfiltrates knowledge earlier than encrypting it, utilizing the stolen info as leverage towards victims who’re unwilling to pay the ransom or search to revive their methods from backups. Within the absence of ransom funds, the information is then launched publicly.

Cash Message demanded a $4 million ransom from MSI, and it seems that MSI has not paid, as a few of the stolen knowledge has already surfaced on-line.

The MSI knowledge breach led to the leakage of the Intel OEM non-public key, which may considerably undermine UEFI’s safe boot safety.

It has been confirmed that the non-public key (KeyManifest) supplied by Intel to OEMs has been leaked. These keys pertain to Intel Boot Guard digital signatures, a processor characteristic designed to make sure that computer systems solely run verified packages earlier than booting.

In essence, this considerations UEFI safe boot, a mechanism that validates packages previous to working system startup to stop malware from operating.

The leaked non-public keys have an effect on Intel’s eleventh, twelfth, and thirteenth era processors and had been distributed to numerous OEMs, together with Intel itself, Lenovo, and Supermicro.

See Also

In line with safety analysis agency Binarly, the leaked Intel Boot Guard BPM/KM keys impact a minimum of 166 MSI merchandise, with the extent of the injury to different merchandise at the moment unknown.

Cases of leaks involving Intel Boot Guard non-public keys have occurred beforehand, with a minimum of two separate incidents final 12 months involving partial key leaks.

Theoretically, if these non-public keys have been employed in manufacturing environments, they might pose vital threats, permitting malefactors to change firmware boot insurance policies and bypass {hardware} safety measures.

Neither MSI nor Intel has issued statements on the matter, leaving the total extent of the non-public key leaks unclear. It’s attainable that the hackers are step by step releasing knowledge to stress MSI into paying the ransom, which means that extra knowledge is prone to be disclosed sooner or later.

Source Link

What's Your Reaction?
Excited
0
Happy
0
In Love
0
Not Sure
0
Silly
0
View Comments (0)

Leave a Reply

Your email address will not be published.

2022 Blinking Robots.
WordPress by Doejo

Scroll To Top