Aurich Lawson
A ransomware intrusion at hardware manufacturer Micro-Star International, better known as MSI, is fueling concerns about devastating supply chain attacks that can inject malicious updates signed with corporate keys trusted by a large number of end-user devices. said one researcher.
“It’s kind of a doomsday scenario where it’s really hard to update the devices at the same time, and they don’t stay updated for a while and use the old key for authentication,” Alex Matrosov, CEO, head of research and founder of security company Binarly, said in an interview. “It’s very hard to fix and I don’t think MSI has a backup solution to actually block the leaked keys.”
Leaked key + no revocation = recipe for disaster
The intrusion came to light in April when, as Bleeping Computer first reported, the extortion portal of the Money Message ransomware group listed MSI as a new victim and published screenshots claiming to show folders containing private encryption keys, source code and other data. A day later, MSI issued a terse advisory stating that it had “experienced a cyber-attack on some of its information systems”. The advisory urged customers to only get updates from the MSI website. It made no mention of leaked keys.
Since then, Matrosov has analyzed data released on the dark web Money Message site. To his shock, the treasure contained two private encryption keys. The first is the signing key that digitally signs MSI firmware updates to cryptographically prove they are legitimate from MSI rather than a malicious threat actor imposter.
This raises the possibility that the leaked key could push updates that could infect the most underserved regions of a computer without triggering an alert. To make matters worse, Matrosov said MSI does not have an automated patching process like Dell, HP and many larger hardware manufacturers. As a result, MSI does not offer the same key revocation capabilities.
“It’s very bad, it doesn’t happen often,” he said. “They need to pay close attention to this incident because there are very serious security implications here.”
To add to the concern, MSI has so far maintained radio silence on the matter. Company representatives did not respond to emails requesting comment, asking if the company planned to provide advice to its customers.
Over the past decade, supply chain attacks have delivered malicious payloads to thousands of users in a single incident where the victims did nothing but install a validly signed update. The 2019 compromise of the software building and distribution system for SolarWinds, a cloud-based network management service.
Taking control of the private key used to certify legitimate updates, the Kremlin-backed hacking unit known as APT29 and Cozy Bear, believed to be part of Russia’s foreign intelligence service, infected more than 18,000 customers with a first-stage malware. Ten federal agencies and about 100 private companies received follow-up shipments installing backdoors for use in espionage.
In March, telephony company 3CX, maker of popular VoIP software used by more than 600,000 organizations in 190 countries, disclosed a breach of its build system. The hackers behind that intrusion, who researchers say are working on behalf of the North Korean government, used their foothold to deliver malicious updates to an unknown number of customers.
Security company Mandiant later reported that the attack on 3CX was the result of an infection via a supply chain attack on software developer Trading Technologies, the maker of the X_Trader financial trading program that 3CX used.
There are no reports of supply chain attacks targeting MSI customers. Gaining the kind of control needed to compromise a software building system is generally a non-trivial event that requires a lot of skill and possibly some luck. Since MSI doesn’t have an automated update mechanism or withdrawal process, the bar would likely be lower.
Whatever the difficulty, owning the signing key that MSI uses to cryptographically verify the authenticity of the installation files greatly reduces the effort and resources required to launch an effective supply chain attack.
“The worst case scenario is if the attackers not only gain access to the keys, but can also distribute this malicious update [using those keys]Matrosov said.
In an advisory report, the National Cybersecurity Center based in the Netherlands does not rule out the possibility.
“Because successful exploitation is technically complex and in principle requires local access to a vulnerable system, the NCSC deems the risk of exploitation small,” NCSC officials write. “However, it is not inconceivable that the leaked keys will be misused in targeted attacks. The NCSC is not yet aware of any indications of misuse of the leaked key material.”
Adding to the threat, the Money Message hackers also obtained a private encryption key used in a version of the Intel Boot Guard that MSI distributes to its customers. Many other hardware makers use different keys that are not affected. In an email, an Intel spokesperson wrote:
Intel is aware of these reports and is actively investigating. There are researchers who claim that private signing keys are included in the data, including MSI OEM signing keys for Intel BootGuard. It should be noted that Intel BootGuard OEM keys are generated by the system manufacturer and are not Intel signing keys.
Extensive access
Intel Boot Guard is built into modern Intel hardware and is designed to prevent the loading of malicious firmware, usually in the form of a UEFI bootkit. Embedded in silicon in a motherboard, this malware is difficult, if not impossible, to detect, and is the first to run every time a computer is turned on. UEFI infections allow malware to load before the operating system starts running, making it possible to evade protections and better hide from endpoint security.
Possession of both keys increases the threat in the worst case. From Wednesday’s advice from the NCSC:
Intel Boot Guard is technology developed by Intel. Intel Boot Guard verifies that a motherboard’s firmware has been digitally signed by the vendor during a system’s boot process. The leak of MSI’s Intel Boot Guard and firmware keys allows an attacker to self-sign malicious firmware. An attacker with (in principle local) access to a vulnerable system can then install and run this firmware. This gives the attacker extensive access to the system and bypasses all overlying security measures. For example, the attacker gains access to data stored on the system or can use the access to launch further attacks.
Chip manufacturer Intel has informed the NCSC that the leaked private keys are MSI-specific and can therefore only be used for MSI systems. However, MSI motherboards can be incorporated into products from other vendors. As a result, abuse of the leaked keys can also take place on these systems. See “Possible Solutions” for more information on affected systems.
For now, people using affected hardware — which so far seems to be limited only to MSI customers or possibly third parties who resell MSI hardware — should be extra wary of firmware updates, even if they’re validly signed.
