Image: Gordon Mah Ung/Foundry
The next time you need to download drivers for your MSI laptop or motherboard, make damn sure you’re getting it straight from the source. That’s pretty good advice for any kind of software update, but it’s particularly relevant since hackers stole a huge trove of proprietary data last month. The company has reportedly refused to pay the ransom, so private software keys were posted to the dark web last week.
The danger here is that hackers can download MSI device firmware, modify it to include malware or spyware, then sign it with MSI’s official keys, letting it slip right past the usual authenticity checks. It also makes it much harder for standard antivirus scanners to find, though there are ways to identify the leaked keys and run double-checks against existing databases. According to security firm Binarly (via PC Mag), the released files affect 57 different MSI products, including laptops in the Creator, Crosshair, Katana, Modern, Prestige, Pulse, Raider, Stealth, Summit, Sword, and Vector series.
But that’s not all. The leaked data also includes keys for Intel’s proprietary Boot Guard system, a part of UEFI Secure Boot. Those keys are applicable across a wide array of hardware from multiple vendors, including industry giants like Lenovo. Binarly says that those keys affect a further 166 products.
It is, in terms that might be too kind, a mess. MSI’s refusal to pay ransom to hackers is understandable, and even laudable—giving in to hackers wouldn’t guarantee that the data remains safe and would only incentivize further criminal acts. But it’s now more or less inevitable that cracked firmware will show up somewhere, just begging a search engine to crawl the page and place it above MSI’s official downloads.