Security News > 2023 > April > Attention gamers! Motherboard maker MSI admits to breach, issues “rogue firmware” alert
Rogue firmware could, in theory, be used to spy on almost everything you do on your computer, acting as a super-low-level rootkit, the jargon term for malware that exists primarily to protect and hide other malware.
These days, rogue firmware downloads are generally easier to spot than they were in the past, given that they are usually digitally signed by the official vendor.
These digital signatures can either be verified by the existing firmware to prevent rogue updates being installed at all, or verified on another computer to check that they have the imprimatur of the vendor.
A download checksum simply confirms that the raw content of the file you downloaded matches the copy on the site where the checksum was stored, thus providing a quick way of verifying that there were no network errors during the download. If crooks hack the server to alter the file you are going to download, they can simply alter its listed checksum at the same time, and the two will match, because there is no cryptographic secret involved in calculating the checkum from the file.
Well, fans of MSI motherboards should be doubly cautious of installing off-market firmware right now, apparently even if it apparently comes with a legitimate-looking MSI digital "Seal of approval".
Carefully sticking to MSI's official site is safer, because the crooks would need not only the signing keys for the firmware file, but also access to the official site to replace the genuine download with their booby-trapped fake.