Sign in / up

back to article MSI hit in cyberattack, warns against installing knock-off firmware

Owners of MSI-brand motherboards, GPUs, notebooks, PCs, and other equipment should exercise caution when updating their device's firmware or BIOS after the manufacturer revealed it has recently suffered a cyberattack. In a statement shared on Friday, MSI urged users "to obtain firmware/BIOS updates only from its official …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Ideasource Bronze badge

    If released, Good for power users and gamers

    Finally proper configuration control for MSI motherboards.

    Sure we can use the community created reverse engineered tools to painstakingly enable features, repair incompetent acpi tables, configure PCIE memory regions and other firmware level options, and swap out EFI drivers.

    But it's much easier and safer to fully realize the potential of your hardware, when you have access to the original firmware build tools.

    5 0 Reply
    1. Gene Cash Silver badge
      Reply Icon

      Re: If released, Good for power users and gamers

      Why put up with that crap, when you can just stop buying MSI motherboards and buy better stuff instead?

      0 0 Reply
      1. Ideasource Bronze badge
        Reply Icon

        Re: If released, Good for power users and gamers

        All the others suffer from the same lack of configurability.

        Purchasing additional equipment with similar but different soft limits , rewards the existing behaviors regarding artificial limitations. To modify industry behavior, the profitability of their existing methods has to be nullified to create the motivation necessary to bring the industry into line.

        When their quarterly reports are way below expectation, that's when they wake up and begin thinking again.

        0 0 Reply
      2. Stuart Castle Silver badge
        Reply Icon

        Re: If released, Good for power users and gamers

        I have an MSI motherboard. The only reason I have it is I'd just bought a Ryzen 5 3600, and as it was a new CPU then, the MSI motherboard I bought was the only one I could find that explicitly supported it without requiring a firmware update. I know that with at least some motherboards, you can flash the BIOS without a working CPU, but I didn't know that then.

        Anyway, it's nearly 3 years old now and is *generally* reliable, but if dare make a change, such as updating the firmware, it usually takes several reboots to get the bloody thing booted up again, but once booted, it's reliable. And the power connectors are bloody flaky. It seems as though you just need to look at them the wrong way to stop them providing power.

        Suffice it to say that, while I am not looking to upgrade my PC yet, I will be at some point, and I will think long and hard before buying another MSI motherboard.

        0 0 Reply
  2. Bebu Silver badge

    If released, ...

    Careful you will be giving the lawyers wet dreams. :)

    I can just imagine the litigation and all the attendant legal machinery coining unlimited brass for the blighters.

    1 0 Reply
  3. dca1

    Surely 'use proper channels' is not the issue.

    But it is more now 'don't let anyone near your hardware'. I imagine that a signed bios is more likely to be used in a physical attack than remote.

    0 0 Reply
    1. Ideasource Bronze badge
      Reply Icon

      Re: Surely 'use proper channels' is not the issue.

      A physical attack doesn't care about a signed bios.

      Physical attack will just use a chip clip programmer, this bypasses any protections the previous bios had regarding flashing new programming.

      0 0 Reply
    2. trindflo Bronze badge
      Reply Icon
      Alert

      Re: Surely 'use proper channels' is not the issue.

      There have been sites that stored old revisions so you could back-rev your BIOS and graphics hardware. These sites would often have older revisions than what the original manufacturer made available. If your machine was acting flaky, it was something to try in desperation.

      It was always a little bit risky, but with signed software maybe a little less risky. We've just been given notice that this is no longer an option with MSI products: if it doesn't come from the MSI website, it is a much worse idea than it used to be.

      Something I would be really concerned about is a pre-built machine using an MSI motherboard that looks like a really good deal. Might be someone willing to sell a system at very near or even under cost with a hacked BIOS giving them an opportunity to make a lot more money by draining your back account.

      Huh. No Jolly Roger icon; seems appropriate here.

      0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like