https://securityonline.info/intel-oem-private-key-leak-a-blow-to-uefi-secure-boot-security/

Intel OEM Private Key Leak: A Blow to UEFI Secure Boot Security

by do son, May 6, 2023

In April, MSI fell victim to a cyberattack perpetrated by the ransomware group Money Message, which successfully infiltrated MSI's internal systems and exfiltrated a staggering 1.5TB of data, predominantly comprising source code.

Nowadays, ransomware groups typically exfiltrate data before encrypting it, using the stolen information as leverage against victims who are unwilling to pay the ransom or who seek to restore their systems from backups. If the ransom is not paid, the data is released publicly. Money Message demanded a $4 million ransom from MSI, and it appears that MSI has not paid, as some of the stolen data has already surfaced online.
The MSI data breach led to the leakage of the Intel OEM private key, which could significantly undermine UEFI's secure boot security.

It has been confirmed that the private key (KeyManifest) provided by Intel to OEMs has been leaked. These keys pertain to Intel Boot Guard digital signatures, a processor feature designed to ensure that computers only run verified programs before booting. In essence, this concerns UEFI secure boot, a mechanism that validates programs prior to operating system startup to prevent malware from running.

The leaked private keys affect Intel's 11th, 12th, and 13th generation processors and were distributed to various OEMs, including Intel itself, Lenovo, and Supermicro. According to security research firm Binarly, the leaked Intel Boot Guard BPM/KM keys impact at least 166 MSI products, with the extent of the damage to other products currently unknown.

Leaks involving Intel Boot Guard private keys have occurred previously, with at least two separate incidents last year involving partial key leaks. Theoretically, if these private keys have been employed in production environments, they could pose significant threats, allowing malefactors to modify firmware boot policies and bypass hardware security measures.

Neither MSI nor Intel has issued statements on the matter, leaving the full extent of the private key leaks unclear. It is possible that the hackers are gradually releasing data to pressure MSI into paying the ransom, which suggests that more data is likely to be disclosed in the future.