
Attention gamers! Motherboard maker MSI admits to breach, issues “rogue firmware” alert – Naked Security

If you’re a gamer or an avid squeezer of raw computing power, you’ve probably spent hours tweaking motherboard settings to squeeze every last drop of performance.

Over the years, you may have tried various unofficial firmware bodges and hacks that let you change otherwise inaccessible settings or select configuration combinations that aren’t usually allowed.

To be clear, we do not recommend installing unknown and unreliable firmware blobs.

(Blob is a playful jargon term for a firmware file. It is short for binary large object, meaning that it’s an all-in-one stew of code, data tables, included files and images, and everything else the firmware needs when it starts up.)

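Loosely speaking, firmware is a kind of low-level operating system in its own right, which gets your computer to the point where it can boot a regular operating system such as Windows, one of the BSDs or a Linux distribution.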

This means that if you can be tricked into installing booby-trapped firmware code, it can be used to undermine the very security on which the operating system’s later security depends.

Rogue firmware can theoretically be used to spy on almost anything you do on your computer, acting as a rootkit, the jargon term for malware that exists primarily to protect and hide other malware.

Rootkits usually aim to make higher-level malware not only difficult to remove, but also difficult even to detect in the first place.

The word rootkit dates from the days of Unix hacking, before PCs themselves even existed, let alone PC viruses and other malware. It referred to a toolkit that a user with unapproved system administrator privileges, known as root access, could install to avoid detection. Rootkit components might include modified ls, ps and rm tools, for example (list files, list processes and remove files respectively), which deliberately suppressed any mention of the intruder’s malicious software and refused requests to delete it. The name derives from the concept of a software kit that lets hackers and crackers maintain root access even while they are being tracked down by the system’s real system administrators.

Digital signatures considered useful

Firmware downloads these days are usually digitally signed by the official vendor, which makes malicious ones easier to spot than in the past.

These digital signatures can be verified by the existing firmware (depending on your motherboard and its current configuration) to ensure that no malicious updates are installed at all, or verified on another computer to ensure they are approved by the vendor.

A digital signature provides much stronger proof of legitimacy than a download checksum, such as the SHA-256 file hash posted on the company’s download site.

A download checksum simply verifies that the raw content of the downloaded file matches the copy on the site where the checksum is stored, giving you a quick way to confirm that there were no network errors during the download.

If crooks hack the server to change the file you’re about to download, they can change the listed checksum at the same time, and the two will match, because there’s no cryptographic secret involved in calculating the checksum from the file.

Digital signatures, however, are tied to a so-called private key that the vendor can store separately from the website, and the digital signature is usually computed and added to the file somewhere in the vendor’s own secure software build system.

This ensures that the signed file keeps its digital label wherever it goes.

So, even if crooks create a booby-trapped download server with a Trojanised download on it, they won’t be able to generate a digital signature that reliably identifies the vendor you’d expect as the creator and signer of the file.

Unless, of course, crooks steal the vendor’s private key used to create these digital signatures…

…similar to holding a medieval monarch’s signet ring and pressing their official signature on a wax seal on an entirely fraudulent document.
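The three situations described above (a relisted checksum, a signature check without the key, and a signature made with a stolen key) can be compared side by side. This is an added example, not code from the original article or from MSI: it uses unpadded textbook RSA with a toy key built from two Mersenne primes as a stand-in for a vendor's real signing scheme, and the firmware bytes and function names are constructed for illustration.

```python
import hashlib

# Toy textbook-RSA key built from two known Mersenne primes (constructed for
# this example; far too small and unpadded for real use).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                    # public key, shipped to verifiers
D = pow(E, -1, (P - 1) * (Q - 1))      # private key, kept in the build system


def digest_int(blob: bytes) -> int:
    """SHA-256 of the blob, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % N


def sign(blob: bytes, private_exp: int) -> int:
    """Needs the private exponent: only the key holder can do this."""
    return pow(digest_int(blob), private_exp, N)


def signature_ok(blob: bytes, sig: int) -> bool:
    """Needs only the public key (N, E)."""
    return pow(sig, E, N) == digest_int(blob)


def checksum_ok(blob: bytes, listed_hex: str) -> bool:
    """No secret involved: anyone can recompute the listed value."""
    return hashlib.sha256(blob).hexdigest() == listed_hex


def scenarios() -> dict:
    genuine = b"constructed sample: vendor firmware image v1"
    tampered = b"constructed sample: booby-trapped firmware image"
    genuine_sig = sign(genuine, D)
    # Server compromised: the file and its listed checksum are replaced together.
    relisted = hashlib.sha256(tampered).hexdigest()
    return {
        "genuine_checksum": checksum_ok(genuine, hashlib.sha256(genuine).hexdigest()),
        "genuine_signature": signature_ok(genuine, genuine_sig),
        "tampered_checksum_relisted": checksum_ok(tampered, relisted),
        # Without the private key, the genuine signature is all there is to reuse.
        "tampered_old_signature": signature_ok(tampered, genuine_sig),
        # Private key stolen: the tampered file now carries a valid signature.
        "tampered_stolen_key_signature": signature_ok(tampered, sign(tampered, D)),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:32} {'ACCEPTED' if ok else 'REJECTED'}")
```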

MSI’s Dilemma

Well, fans of MSI motherboards should be doubly careful about installing off-market firmware right now, even if it comes with a legitimate-looking MSI digital “seal of approval.”

The motherboard megacorp issued an official breach notification last weekend, admitting:

MSI recently suffered a cyberattack on some of its information systems. […] Currently, affected systems have gradually resumed normal operation, and financial operations have not been significantly impacted.

Rumor has it that MSI has been attacked by a ransomware gang that goes by the name Money Message. They appear to be attempting to blackmail MSI by threatening to disclose stolen data such as:

MSI source code including framework for BIOS development [sic]. There is also a private key.


Claims made by the Money Message blackmail gang on dark web “news” servers.

It appears that criminals now have the means to build firmware blobs that are not only in the correct format, but also have the correct digital signature embedded in them.

MSI has neither confirmed nor denied it was stolen, but is warning customers “to obtain firmware/BIOS updates only from [MSI’s] official website, and not to use files from sources other than the official website.”

What should I do?

If the criminals are telling the truth and they actually have the private key needed to sign the firmware blob (MSI certainly has a variety of private keys for all sorts of different signing purposes, so even if the crooks have some private keys, they may have none suitable for approving firmware builds)…

…then going off-market is now doubly dangerous, because just checking the digital signature of a downloaded file is no longer enough to verify its origin.

It’s safer to stick carefully to MSI’s official site, because the crooks would need not only the signing keys for the firmware files, but also access to the official site in order to replace genuine downloads with booby-trapped fakes.

We hope that MSI is paying special attention to who has access to the official download portal at the moment, and watching more closely than usual for any unexpected changes.

