"Security Breaches Plague Intel and MSI, Raising Supply Chain Attack Concerns"

May 11, 2023 at 01:07 AM

•

1 min read

"Security Breaches Plague Intel and MSI, Raising Supply Chain Attack Concerns" — Photo: Ars Technica

TL;DR Summary

The leak of MSI's private encryption keys, including the signing key used to verify the authenticity of firmware updates, has raised concerns of devastating supply chain attacks. Unlike larger hardware makers, MSI doesn't have an automated patching process or key revocation capabilities, making it difficult to revoke compromised keys. The leak also included a private encryption key used in a version of Intel Boot Guard that MSI distributes to its customers, which could allow attackers to bypass security measures and gain far-reaching access to systems. MSI has yet to issue guidance to its customers.

Topics:technology #cybersecurity #encryption-keys #firmware-updates #intel-boot-guard #msi #supply-chain-attack

Share this article

Leak of MSI UEFI signing keys stokes fears of ��doomsday” supply chain attack Ars Technica
A massive data breach has left Intel scrambling for solutions Digital Trends
Intel investigating major security leak KitGuru
Leak of Intel Boot Guard Keys Could Have Security Repercussions for Years DARKReading
Cyber Security Headlines: Leaked Intel keys, trading security for fps, new phishing-as-a-service tool CISO Series

Reading Insights

Total Reads

Unique Readers

Time Saved

6 min

vs 6 min read

Condensed

92%

1,195 → 94 words

Want the full story? Read the original article

Read on Ars Technica

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights