MSI faces disaster after the umpteenth data leak

A new data breach at hardware manufacturer Micro-Star International, better known as MSI, is fanning the flames of concern at the company for fear that it could affect its supply chain, in a situation that many are already describing as the company's “day of the Final Judgment”. The problem is really serious, and in this article we are going to explain as simply as we can what it consists of, how it can affect you as a consumer, and what the future holds for the company.

“It’s a kind of catastrophic scenario in which it is very difficult to simultaneously update the devices, which remain for some time without updating and use an old key to authenticate,” explained Alex Matrosov, CEO of the Binarly research company. “It’s very complicated to solve, and I don’t think MSI has any backup solutions to actually block the keys that have been leaked.”

On this occasion, what has leaked is the company's signing keys, a vital element of security since they are used for authentication. An attacker could therefore make malicious updates signed with these authentic keys available to users, and those updates would be considered good in any scenario despite being infected with malware.

This leak could be the apocalypse for MSI

This intrusion came to light in April, when the Money Message hacking group targeted MSI as its victim due to its poor security and posted screenshots that allegedly showed folders containing private encryption keys, source code and much more data. A day later, MSI issued an official statement acknowledging that it had suffered a cyberattack “on part of its information systems”, and urging users to obtain updates solely and exclusively from the brand's official website.

Since then, the researcher Matrosov mentioned above has been digging into the data released by the hacking group, and he realized that among these data were two private encryption keys. The first is the key that is used to digitally sign MSI’s firmware updates, cryptographically proving that they are legitimate and not from an impostor… and this is the problem.

This raises the possibility that updates that infect computers could be released using this private key without triggering a warning. Also, according to Matrosov, MSI doesn’t have an automated patching process as other manufacturers such as Dell, HP or Lenovo do, and therefore it doesn’t have any key revocation system that can fix the situation. We have told you many times that MSI security is a mess, and this proves us right again.
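To see why a valid signature stops meaning anything once the key leaks, and what a revocation list changes, here is a small added example (not code from MSI or Binarly). It assumes a toy RSA key far too small for real use as a stand-in for the firmware signing key; the function names and the revocation list format are hypothetical.

```python
import hashlib

# Toy RSA key built from two Mersenne primes. Illustration only: far too
# small for real use, and a stand-in for the vendor's firmware signing key.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, i.e. the leaked secret


def digest(image: bytes) -> int:
    """SHA-256 of the image, reduced to fit under the toy modulus."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % N


def sign(image: bytes) -> int:
    """Signing needs only D, so anyone holding D signs as the vendor."""
    return pow(digest(image), D, N)


def key_id(n: int = N, e: int = E) -> str:
    """Fingerprint that names a public key on a revocation list."""
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()


def signature_valid(image: bytes, sig: int) -> bool:
    """Public-key check: proves the signer held D, not who the signer was."""
    return pow(sig, E, N) == digest(image)


def accept_update(image: bytes, sig: int, revoked: set) -> str:
    """Device-side policy (hypothetical): revocation first, then signature."""
    if key_id() in revoked:
        return "rejected: signing key revoked"
    if not signature_valid(image, sig):
        return "rejected: bad signature"
    return "accepted"


if __name__ == "__main__":
    # Constructed sample images; both are signed with the same key.
    genuine = b"constructed sample: vendor firmware build"
    altered = b"constructed sample: image not built by the vendor"
    for name, image in (("genuine", genuine), ("altered", altered)):
        sig = sign(image)
        print(name, "| no revocation list:", accept_update(image, sig, set()))
        print(name, "| key revoked:", accept_update(image, sig, {key_id()}))
```

Without a revocation list both images are accepted; with the key revoked both are rejected, including the genuine one, so the vendor also has to re-sign its firmware with a new key.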

How does this problem affect you?

MSI’s supply chain is in question, and we are not referring to the supply chain of physical components, but to the chain through which updates are supplied, be they security fixes, new features, etc. Over the past decade, supply chain attacks have managed to infect thousands of users with nothing more than a data breach, when the victims did nothing more than install an update on their computers that had a valid digital signature and therefore appeared in every respect to be legitimate.

If this group of hackers has control of the MSI private keys that are used to certify legitimate updates, that is precisely what can happen: users who own MSI hardware (be it a laptop, a motherboard, a graphics card or any other device that can receive software or firmware updates) could end up being infected by malware simply by trying to update their devices.

For now, users with MSI hardware should be especially careful when doing any type of update, especially firmware, even if it appears to be digitally signed. The situation is unfortunate, but for the moment it seems that it will be better to leave the systems without updating.

MSI maintains “radio silence” on the matter

Of course, and how could it be otherwise, MSI is staying out of what happened: it has not come forward to explain the situation, has not shown its face in any way and has not given any kind of explanation to users, who will ultimately be the ones affected, nor has it announced any measure to alleviate the situation.
