Intel is investigating reports that private OEM BootGuard keys are in the wild following MSI’s ransomware attack reported last month.
Taiwanese computer hardware company Micro-Star International (MSI) confirmed it suffered a cyberattack in a Taiwan Stock Exchange filing last month. Though MSI did not confirm the type of breach it suffered, the disclosure followed soon after a ransomware gang known as “Money Message” claimed on its data leak site that it stole source code and private keys from MSI and would leak it if the manufacturer didn’t pay the ransom.
Data from the breach was apparently leaked last week, and on Friday Alex Matrosov, founder and CEO of security vendor Binarly, tweeted that an OEM private key leaked belonging to Intel security feature Boot Guard that has caused “an impact on the entire ecosystem.”
BootGuard is a security feature within Intel hardware that is used to prevent malicious firmware from loading in the UEFI. According to an Intel white paper, “The policies of Intel BootGuard are rooted in Field Programmable Fuses, making them unalterable for the lifetime of a platform. Once provisioned, Intel Boot Guard cannot be disabled, and provisioned…
