What could be worse than a ransomware attack on your company? Only an incident that hits your company’s clients, I guess. Well, that’s exactly what happened to MSI — the large Taiwanese manufacturer of laptops, video adapters and motherboards. At the beginning of April, word got out that the company was attacked by a new ransomware gang called Money Message; a while later the extorters published a portion of the stolen information on the darknet; then, in May, researchers discovered the most disturbing aspect to the leak — that private firmware-signing keys and Intel Boot Guard keys had been made public. MSI went public regarding the leak, but presented very little information — even omitting the subject of keys completely. Here, we try to give you a bit more context…
Boot Guard keys, and how they protect your computer
Even before its operating system boots up, your computer performs many preparatory operations upon instructions from a motherboard chip. In the past, the mechanism was called BIOS, until it was replaced by the expandable UEFI architecture. UEFI code is stored in the firmware, but extra modules can be loaded from a special hard-drive partition. Next, UEFI boots up the operating system itself. If UEFI is maliciously modified, the operating system, user apps and all security systems will start up under the control of the malicious code. The attackers will be able to circumvent all further layers of defense, including BitLocker, Secure Boot and the OS-level security systems, such as anti-viruses and EDR.
Referred to as BIOS-level implants (sometimes also “hardware bootkits”), such threats are very hard to detect — and even harder to get rid of: you can’t purge your PC of them even by replacing your hard drive with a brand new one.
Computer and OS vendors have developed a variety of safeguards to make it as difficult as possible for threat actors to devise such dangerous threats. First, to update firmware and make additions to UEFI one needs an app signed by the vendor: Intel BIOS Guard doesn’t allow updating UEFI from untrusted apps or using unsigned firmware. Second, there’s a hardware verification mechanism called Boot Guard. The technology checks the signature of the opening part of UEFI (IBB — Initial Boot Block) and aborts the computer boot if the firmware has been tampered with. Boot Guard’s cryptographic keys used to verify these protection mechanisms are stored in a special write-once memory, meaning they can’t be deleted or rewritten (in turn meaning they can’t be falsified or replaced), while at the same time they can’t be revoked if compromised!
What’s so dangerous about an MSI key leak?
A leak of firmware-signing keys may allow threat actors to create update utilities and rogue firmware that successfully pass verification, with the potential to update the firmware on MSI motherboards. Such keys can be revoked, so after a while (actually, we’re talking months if not years!) the problem will become irrelevant — if legitimate updates are applied in a secure way. The situation is much worse with Boot Guard keys, since these can’t be revoked. Moreover, according to Binarly, these keys can be used even in some products manufactured by vendors other than MSI. This disrupts the secure-boot trust chain for all products relying on these keys, leaving device owners with no other option but to ramp up third-party protective measures and keep using them that way until the products cease being used.
Tips for MSI device users
First off, check if your computers are endangered. If you have an MSI computer or laptop, the threat is there, but even computers from other vendors may have MSI motherboards. Here’s how you can check this:
- Type “System Information” into the Windows search bar to locate and run it.
- Under System summary scroll down to Motherboard manufacturer or BaseBoard manufacturer. If it says MSI or Micro-Star International, the threat is relevant to you.
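The same check can be scripted. The PowerShell below is an added example, not part of the original article: it reads the baseboard manufacturer from the standard Win32_BaseBoard and Win32_BIOS CIM classes and, going beyond the single-PC steps above, accepts a list of machines. The function name Get-MsiBoardStatus and its -ComputerName parameter are hypothetical names chosen for this example.

```powershell
# Added example: report the baseboard vendor and flag MSI boards.
# Matches the two strings the article names: "MSI" and "Micro-Star International".
function Get-MsiBoardStatus {
    [CmdletBinding()]
    param(
        # Hypothetical parameter: machines to query; defaults to the local PC.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    foreach ($name in $ComputerName) {
        try {
            # Local queries need no remoting; remote ones go over CIM/WinRM.
            $cim = @{ ErrorAction = 'Stop' }
            if ($name -ne $env:COMPUTERNAME) { $cim.ComputerName = $name }

            $board = Get-CimInstance -ClassName Win32_BaseBoard @cim | Select-Object -First 1
            $bios  = Get-CimInstance -ClassName Win32_BIOS @cim | Select-Object -First 1

            [pscustomobject]@{
                ComputerName = $name
                Manufacturer = $board.Manufacturer
                Product      = $board.Product
                BiosVersion  = $bios.SMBIOSBIOSVersion
                BiosDate     = $bios.ReleaseDate
                IsMsiBoard   = $board.Manufacturer -match '(^MSI\b|Micro-Star International)'
                Error        = $null
            }
        }
        catch {
            # Unreachable or access-denied hosts are reported, not silently skipped.
            [pscustomobject]@{
                ComputerName = $name; Manufacturer = $null; Product = $null
                BiosVersion  = $null; BiosDate = $null; IsMsiBoard = $null
                Error        = $_.Exception.Message
            }
        }
    }
}

# Check this PC; pass -ComputerName 'PC01','PC02' to sweep several machines.
Get-MsiBoardStatus | Format-List
```

The BIOS version and date are included so the output can later be compared against firmware updates published on the MSI website.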
Please note that MSI makes hundreds of products, and the leaked keys don’t affect them all. The longest list of products affected by the threat is here, but we cannot attest to its completeness or accuracy. Your best bet would be to take extra care and proceed from the assumption that all current MSI boards can be targeted by attackers.
If exposed to the threat, you should be extremely mindful of the risk when updating your proprietary utilities, drivers, and firmware. Download these only from the official website www.msi.com by manually typing the address into the browser — not by following links from e-mails, messenger threads or other websites. We also recommend that you watch out for updates on the MSI website: these shouldn’t be ignored. It’s quite possible that MSI will devise a way to revoke some of the leaked keys or otherwise prevent their use.
In addition, make sure not to use an MSI computer as administrator, and make sure that it’s equipped with reliable protection against phishing and malware.
Tips for IT administrators
The risk of UEFI implants based on the MSI leaks is in a way compensated by the complexity of their installation, which involves having administrative access to a target computer plus a bunch of conspicuous firmware update apps. So the issue could be mitigated by suppressing these apps at group policy level and by making sure that the principle of least privilege is enforced on all the computers within your organization. However, it’s likely that in the future specialized hacker tools will come into play that will use stolen keys and sufficient obfuscation to conceal firmware updates. To reduce this risk, consider experimenting with detection of leaked keys on corporate machines — a recommendation more suited to companies employing threat hunters in their information-security task-force.
Of course, the problem can also be eased through proper general practices: integrated network and endpoint protection, timely updating of business apps, and a system policy for patch management.
Tips for developers
The MSI example highlights how it is unacceptable in terms of information security and DevSecOps to keep secrets (especially ones difficult to rotate) on computers either next to or inside the code that uses them.
There are dedicated solutions for centralized secret management — for example, HashiCorp Vault — but even smaller developers can afford a simple protection system of their own, such as encrypted removable drive storage connected only for as long as it takes to publish an app.
As to companies the size of MSI, they should keep their confidential data — such as app and driver signing keys, let alone firmware signing keys — in specialized signature generation hardware units (HSM) or at least within a special secure perimeter on computers completely isolated from the rest of the network.