Jump to content

MSI Cyber Attack- Source Code Stolen


Recommended Posts

  • 1 month later...

So yeah, this is not great.


I'm still not entirely sure of the practical impact, assuming that MSI's web site credentials were in fact not stolen.  As one commentator elsewhere said, you'd have to be a lunatic to be downloading firmware updates from random third-party sites.  (Although I could also see a use case if you have an HP laptop and are trying to get around their WiFi card whitelisting practices)  If the hackers had the ability to publish updates that not only were signed by MSI but were available for distribution through official channels, the problem would be much worse.


According to a security firm cited by PC Magazine, the list of affected models is at https://github.com/binarly-io/SupplyChainAttacks/blob/main/MSI/MsiImpactedDevices.md .  Neither of my MSI laptops is listed as affected, so I'll keep them for now.  But even if they were, I'm not sure I'd be super-concerned?  It certainly raises general questions about security practices (how'd this get stolen in the first place?  Back door wide open?  Spear phishing?), but there's a good chance I'm not ever going to upgrade my firmware, and if I do it will be from the official site.

Desktop: Core i5 2500k "Sandy Bridge" | RX 480 | 32 GB DDR3 | 1 TB 850 Evo + 512 GB NVME + HDDs | Seasonic 650W | Noctua Fans | 8.1 Pro

Laptop: MSI Alpha 15 | Ryzen 5800H | Radeon 6600M | 64 GB DDR4 | 4 TB TLC SSD | 10 Home

Laptop history: MSI GL63 (2018) | HP EliteBook 8740w (acq. 2014) | Dell Inspiron 1520 (2007)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Terms of Use