Leak of Intel Boot Guard Keys Could Have Security Repercussions
The potential leak from MSI Gaming of signing keys for an important security feature in Intel-based firmware could cast a shadow on firmware security for years to come and leave devices that use the keys highly vulnerable to cyberattacks, security experts say.
Intel is still “actively investigating” an alleged leak of Intel Boot Guard private keys for 116 MSI products, the company told Dark Reading. The investigation comes after a claim by Alex Matrosov, CEO of firmware supply chain security platform Binarly, that leaked source code from a March 2023 cyberattack on MSI includes this data, as well as image-signing private keys for 57 MSI products.
“Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem. It appears that Intel BootGuard may not be effective on certain devices based on the 11th Tiger Lake, 12th Adler Lake, and 13th Raptor Lake” processors, he tweeted.
The alleged leak comes about a month after an emerging ransomware gang tracked as “Money Message” hit Taiwan-based MSI with a double extortion ransomware attack, claiming to have stolen 1.5TB of data during the attack, including firmware, source code, and databases.
When the $4 million ransom the group demanded was not paid, the attackers began posting data stolen in the attack on their leak site. Last week, MSI’s stolen data—including source code for firmware used by the company’s motherboards—turned up on that site.
Why It Matters
Intel Boot Guard is a hardware-based security technology aimed to protect computers against executing tampered-with, non-genuine Unified Extensible Firmware Interface (UEFI) firmware, “which could happen in case a possible attacker has bypassed protection against modification of BIOS,” Binarly efiXplorer Team explained in a blog post published last November.
That post came in response to an October leak of UEFI BIOS of Alder Lake, Intel’s code name for its latest processor, as well as the key pairs required by Boot Guard during provisioning stage.
If threat actors get hold of the MSI-related Intel Boot Guard signing keys, they potentially could load vulnerable firmware onto affected devices—which include MSI motherboards—that appear to be signed by the vendor and thus legitimate.
Moreover, the BIOS runs even before a device’s OS, which means the vulnerable code is present at the most basic device level and thus difficult to patch or defend against, complicating the scenario even further, notes one security expert.
“Due to the nature of how these keys are embedded and used, the usual advice of installing security patches may not be possible,” Darren Guccione, CEO and co-founder of cybersecurity software firm Keeper Security, said in an email to Dark Reading.
To remedy the issue, security teams potentially would have to implement “non-standard controls to monitor for breaches if malware starts using these keys,” he notes. “Without a simple security solution, this could be a damaging attack vector in the long term,” Guccione says.
Future Firmware Woes
Indeed, the long term is what worries security experts about the leak. They say it’s likely threat actors would pounce on the availability of the Intel Boot Guard signing keys, presenting a major firmware security problem for years to come.
“Stealing signing keys, especially for something that can only be updated in firmware (which means few people will do it), usually entails a long tail of incidents years after the disclosure,” warned John Bambenek, principal threat hunter at Netenrich, a security and operations analytics SaaS firm.
His comment brings up a good point: the inherent vulnerability of outdated device firmware, which often gets overlooked in patching cycles and thus, if vulnerable, represents a large and dangerous attack surface, notes Matt Mullins, senior security researcher at Cybrary.
“Considering that most people do not apply patches to UEFI or firmware in general, the individuals impacted will probably not know to patch these devices appropriately,” he says. “The access provided to malicious actors in regard to this is in some ways worse than getting a SYSTEM or root shell.”
This is because with access to the signing keys, system protections like driver signatures or detections of malicious activity at kernel level or below “will in essence be null and void because the malicious bootkit can load prior/below that,” Mullins says.
“By loading below that, it can hijack or bypass important process associated with device integrity (such as I/O operations) and effectively render itself permanent without the appropriate flash and reload of firmware,” he says.
While the situation may seem dire, one security expert tried to quell fears that have surfaced over news of the leak by noting that the overall threat to affected MSI devices “is relatively low because of the steps a threat actor would need to go through” to exploit the keys.
“As a contrast, consider IoT/OT devices which often lack digital signatures for firmware and exist at a massively higher scale than MSI devices,” says Bud Broomhead, CEO at Viakoo, a provider of automated IoT cyber hygiene.
That said, there are ways to mitigate or defend against any risks from the incident, experts say.
A good start is to ensure you have a trusted process for all digital assets including IoT/OT, Broomhead says. Meanwhile, using other forms of protection, such as monitoring and network access control, should help to prevent exploitation of the leaked keys “from cause a much larger exploitation,” he adds.
The latest leak also should serve as a reminder to organizations that firmware and other private keys should be kept separate from code as much as possible to mitigate the risk of theft, Bambenek notes.
Other mitigations that organizations can take to defend against firmware attacks include the obvious application of patches, while often overlooked, “is primarily the best defense against this potential future attack,” Mullins says.