Security researchers have confirmed that private keys for MSI products and Intel Boot Guard are loose in the wild. Hackers could use the keys to sign malware under the guise of official MSI firmware. Intel Boot Guard is a critical security check for when computers first start up, and the leak could let bad actors bypass it.
Researchers at Binarly said the leaked keys affect dozens of products from several companies, including Intel, Lenovo, Supermicro, and others. See the group’s GitHub page for a complete list. Binarly tweeted that it will hunt for specific examples of infected firmware to let users know what to avoid.
