Security at risk: Leaked key and faulty practices leave 900 PC/server models vulnerable to exploitation

The recent discovery of leaked test keys in computer and server motherboard firmware has raised concerns among cybersecurity experts. Binarly’s researchers uncovered 22 different AMI test Platform Keys (PKs) carrying the warnings “DO NOT TRUST” or “DO NOT SHIP” in firmware binaries dating back to 2018. These keys were present in almost 900 motherboard models from vendors such as Acer, Dell, Fujitsu, Gigabyte, HP, Intel, Lenovo, and Supermicro. The affected images account for more than 10% of the firmware images in their dataset, indicating a widespread issue within the industry.

The presence of these untrustworthy keys poses a significant security risk as they may have been shared among multiple vendors and developers in an insecure manner. It is possible that these keys have already fallen into the wrong hands, potentially undermining the integrity of the affected systems. Notable incidents in the past, such as the data dump from motherboard manufacturer Micro-Star International (MSI) and the data leak from Lenovo, serve as stark reminders of the potential consequences of such security lapses.

To address this issue, Binarly has developed an online scanner where users can check if their motherboard firmware contains a test key. Additionally, they have provided a list of affected motherboard models in their advisory for users to reference. However, the remediation of this issue ultimately lies in the hands of vendors who must issue firmware updates with new, securely generated PKs. This process may prove challenging for users whose motherboard models are no longer supported, as the earliest instances of using test keys date back to 2012.

The prevalence of leaked test keys in firmware underscores the importance of robust security measures in the manufacturing and distribution of hardware components. As cyber threats continue to evolve, it is crucial for vendors to prioritize the protection of sensitive information and ensure that their products are not vulnerable to exploitation. The discovery of these test keys serves as a wake-up call for the industry to implement more stringent security practices and safeguard against potential breaches that could compromise user data and system integrity.
