Last month’s MSI data theft is causing panic. Some extremely sensitive signing keys have been found among the leaked data drifting through the dark web.
Devs need to ask if any of their dev, test, source, build or prod machines might be vulnerable. Bad actors are no doubt already building signed bootkits that subvert operating system controls from underneath.
If nothing else, there are important lessons to learn from MSI’s mistake. In this week’s Secure Software Blogwatch, we lock up our secrets.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Steamfest 2023.
[ See special report: Secrets Exposed - An Essential Guide to Securing Secrets ]
OEM OMG: No HSM
What’s the craic? Mark Tyson reports — “Boot Guard Keys From MSI Hack Posted”:
“Leak has certainly made a mess”
Files purloined during the substantial MSI hack last month have started to proliferate around the dark web. One of the more worrying things spotted among the digital loot is an Intel OEM private key … generated by the OEM (MSI) not Intel itself. … Now hackers can use the key to sign malicious BIOS, firmware and apps, which will look entirely like official MSI releases.
…
Intel Boot Guard ensures that PCs only can run verified apps before boot. … Intel talks with some pride about its BIOS Guard, Boot Guard, and Firmware Guard technologies. … Sadly, it is not longer going to be a useful 'guard' for a wide range of MSI systems.
…
This leak has certainly made a mess, and it isn't clear whether the leaked keys can be revoked. … Please avoid checking the stolen files on the dark web or other sources, as they might now be laced with malware.
In fact, it is clear. And it’s bad news. Paul Ducklin — “Low-level motherboard security keys leaked”:
“Take control over the firmware”
To strengthen the level of cryptographic verification provided by both BIOS Guard and Boot Guard … the cryptographic keys they use aren’t themselves stored in rewritable flash memory. They’re saved … into write-once memory embedded on the motherboard itself … fused in other words — in a one-shot modification that flips them permanently into binary 0s (or 1s). … They’re locked in forever.
…
A debug-level OEM key … provides a motherboard vendor with a way to take control over the firmware as it’s booting up, including watching it instruction-by-instruction, tweaking its behaviour, spying on and modifying the data it’s holding in memory, and much more. … The crooks have now leaked [such a] key that can enable low-level boot-time debugging on 11 different motherboards supplied by HP, Lenovo, Star Labs, AOPEN and CompuLab.
So it doesn’t only affect MSI mobos? Elizabeth Montalbano says it “Could Have Security Repercussions for Years”:
“Should serve as a reminder”
[It] could cast a shadow on firmware security for years to come and leave devices that use the keys highly vulnerable to cyberattacks. … It's likely threat actors would pounce on the availability of the Intel Boot Guard signing keys, presenting a major firmware security problem for years to come.
…
The BIOS runs even before a device's OS, which means the vulnerable code is present at the most basic device level and thus difficult to patch or defend against, complicating the scenario even further. … The inherent vulnerability of outdated device firmware … often gets overlooked in patching cycles and thus, if vulnerable, represents a large and dangerous attack surface.
…
The latest leak also should serve as a reminder to organizations that firmware and other private keys should be kept separate from code as much as possible to mitigate the risk of theft.
You can say that again. And, as if by magic, digitalgriffin says that again:
Why why why do major companies not keep the keys to the company on air gapped systems? Why?!?
Similarly, afidel waxes apoplectic:
Why would that key ever be online? That's exactly the kind of thing an offline root is for. Heck, even then I think I'd have the actual signing key in an HSM, where it couldn't be retrieved. The mind just boggles that this was possible.
Good point. And ctilsie242 expands on it:
Hasn't MSI heard about an HSM? Even my GitHub signing key is in a YubiKey, and my CA stuff is in a YubiHSM. These are not expensive items, and can mean the difference between an attacker being stopped cold as the HSM waits for a button press, or doesn't allow operations altogether due to users, versus key material being divulged and copied off.
What can we learn? RickVS sums up what you shouldn’t do, if you have secrets to keep:
So MSI's perspective on security is: "Let's just hope we don't get hacked!"
With a colorful metaphor, here’s Richard 12:
Revocation, that's what you need. If you can't revoke a credential, then you do not have any security. … Would you buy a house if you have to knock it down to change the locks?
Meanwhile, Toni Morton — @haxor4evr — laughs his *** off:
LMAO we spent millions of dollars for this hardware chain of trust system for our UEFIs and one leak caused the entire supply chain to just fall in the lap of the attackers.
And Finally:
Racing steam trains in Australia (not sure who won, though)
Hat tip: evil_andy
You have been reading Secure Software Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or ssbw@richi.uk. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.
Image sauce: Tom Joseph (via Unsplash; leveled and cropped)
[ See special report: Secrets Exposed - An Essential Guide to Securing Secrets ]
