Leak of MSI UEFI signing keys stokes fears of “doomsday” supply chain attack

EnlargeAurich Lawson

A ransomware intrusion on hardware manufacturer Micro-Star International, better known as MSI, is stoking concerns of devastating supply chain attacks that could inject malicious updates that have been signed with company signing keys that are trusted by a huge base of end-user devices, a researcher said.

“​​It’s kind of like a doomsday scenario where it’s very hard to update the devices simultaneously, and they stay for a while not up to date and will use the old key for authentication,” Alex Matrosov, CEO, head of research and founder of security firm Binarly, said in an interview. “It’s very

→ Continue reading at Ars Technica

Related articles

Comments

Share article

Latest articles