The subsequent time you could obtain drivers to your MSI laptop computer or motherboard, make rattling positive you’re getting it straight from the supply. That’s fairly good recommendation for any form of software program replace, however it’s significantly related since hackers stole a huge trove of proprietary data last month. The firm has reportedly refused to pay the ransom, so non-public software program keys had been posted to the darkish internet final week.

The hazard right here is that hackers can obtain MSI system firmware, modify it to incorporate malware or adware, then signal it with MSI’s official keys, letting it slip proper previous the standard authenticity checks. It additionally makes it a lot more durable for traditional antivirus scanners to search out, although there are methods to determine the leaked keys and run double-checks towards current databases. According to safety agency Binarly (through PC Mag), the launched recordsdata have an effect on 57 totally different MSI merchandise, together with laptops within the Creator, Crosshair, Katana, Modern, Prestige, Pulse, Raider, Stealth, Summit, Sword, and Vector sequence.

But that’s not all. The leaked information additionally contains keys for Intel’s proprietary Boot Guard system, part of UEFI Secure Boot. Those keys are relevant throughout a big selection of {hardware} from a number of distributors, together with business giants like Lenovo. Binarly says that these keys have an effect on an additional 166 merchandise.

It is, in phrases that may be too sort, a multitude. MSI’s refusal to pay ransom to hackers is comprehensible, and even laudable—giving in to hackers wouldn’t assure that the info stays protected and would solely incentivize additional legal acts. But it’s now roughly inevitable that cracked firmware will present up someplace, simply begging a search engine to crawl the web page and place it above MSI’s official downloads.