After the keys that MSI uses to sign legitimate software were leaked following a hack, the likelihood of successful attacks along the software supply chain has increased.

MSI does not have an automatic patching system for its laptops like HP and Dell do. This poses a problem because the manufacturer has no way to easily and quickly revoke compromised digital keys. Such keys were leaked in a hack last month and allowed hackers to sign fraudulent software as if it came from MSI itself. Such malware would be trusted by MSI computers, giving hackers the ability to compromise the computers.

Dangerous but not easy

Actually, it’s important for MSI to revoke the leaked keys and replace them with new ones as soon as possible, but according to Binarly’s Alex Matrosov, who spotted the keys leak, the manufacturer doesn’t have a ready method to do it. In addition, there are no official safety guidelines. This is particularly annoying since systems for the business market are also vulnerable after the hack.

That doesn’t mean that it’s suddenly easy for attackers to break into MSI computers. A successful attack with signed malware must first reach the target computer. To do this, hackers must look for or exploit other vulnerabilities, although a vector can be as simple as phishing.