Next time you need to download drivers for your MSI laptop or motherboard, make sure you download them directly from the source. That’s pretty good advice for any kind of software update, but it’s especially relevant because hackers stole a ton of proprietary data last month. Private software keys were posted on the dark web last week because the company reportedly refused to pay the ransom.
The danger here is that hackers can download MSI device firmware, modify it to contain malware or spyware, and then sign it with MSI’s official key to pass the usual authentication checks. There are also ways to identify leaked keys and run double scans against existing databases, but it makes finding them much harder for standard antivirus scanners. According to security binary scale The files released (via PC Mag) affect 57 different MSI products, including the Creator, Crosshair, Katana, Modern, Prestige, Pulse, Raider, Stealth, Summit, Sword and Vector series of laptops.
But that’s not all. The leaked data also contained a key to Intel’s proprietary Boot Guard system, which is part of UEFI Secure Boot. These keys can be applied to a variety of hardware from multiple vendors, including industry giants such as Lenovo. Binarly says these keys affect an additional 166 products.
It’s messed up in that it might be too kind. MSI’s refusal to pay the ransom to the hackers is understandable and even commendable. Yielding to hackers does not guarantee your data will remain safe, it will only encourage further criminal activity. But now, it’s more or less inevitable that cracked firmware will appear somewhere and beg search engines to crawl the page and place it above MSI’s official downloads.