Millions of motherboards manufactured by Gigabyte harbor a critical security flaw. According to the latest report from the computer security company Eclypsium, a “back door” exists within the manufacturer’s systems.
Some time ago, we covered a revealing study by Trend Micro. According to the computer security company, millions of smartphones were infected with malware from the moment they were manufactured.
In the case that interests us today, it is not about smartphones, but motherboards from Gigabyte. According to the latest report from the cybersecurity firm Eclypsium, millions of motherboards manufactured by the brand have been delivered with a backdoor in the firmware.
A backdoor in millions of motherboards
Properly exploited, this flaw would allow hackers to introduce malicious software on these essential components. Further analysis revealed that 271 Gigabyte motherboard models featured a hidden mechanism that quietly runs an updater.
Specifically, this process connects to a remote server, then downloads and runs software. While this may seem suspicious at first glance, the program's purpose is actually quite simple: keeping motherboard firmware up to date.
An update program that is not secure enough
The problem is that this update program was not at all secure. It turns out that it downloads code without proper authentication, in some cases even over an unsecured HTTP connection. According to the Eclypsium researchers, these shortcomings open up an avenue for Man-in-the-Middle attacks via malicious Wi-Fi networks.
Using this technique, hackers could easily spoof the source of the firmware installation in order to drop malware there instead. Importantly, the update tool works from the firmware, which makes it immune to antivirus programs and endpoint security solutions.
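To make the gap concrete, here is an added example (not code from Gigabyte or Eclypsium) contrasting an updater that accepts whatever it receives with one that checks the transport and a pinned SHA-256 digest before accepting a payload. The URLs, payload bytes and function names are constructed for illustration, and digest pinning stands in for the vendor signature check a real updater would perform.

```python
import hashlib
from urllib.parse import urlsplit

# Constructed sample data: the payload the vendor intended to ship,
# and a payload swapped in by someone sitting on the network path.
GOOD_PAYLOAD = b"constructed updater payload, vendor build"
TAMPERED_PAYLOAD = b"constructed payload swapped in transit"

# Digests the client trusts, delivered out of band (assumption: in a real
# updater this role is played by a signature checked against a vendor key).
PINNED_SHA256 = {hashlib.sha256(GOOD_PAYLOAD).hexdigest()}


def naive_accept(url, payload):
    """Behaviour described in the article: no transport or payload check."""
    return True


def vet_update(url, payload, pinned=PINNED_SHA256):
    """Return (ok, reasons); ok is True only if every check passes."""
    reasons = []
    parts = urlsplit(url)
    # Plain HTTP gives no server authentication and no integrity in transit.
    if parts.scheme.lower() != "https":
        reasons.append("transport is not HTTPS")
    if not parts.hostname:
        reasons.append("URL has no host")
    # HTTPS alone does not prove the file is the vendor's: check the content.
    if hashlib.sha256(payload).hexdigest() not in pinned:
        reasons.append("payload digest is not pinned")
    return (not reasons, reasons)


if __name__ == "__main__":
    cases = [
        ("https://updates.example.test/tool.bin", GOOD_PAYLOAD),
        ("http://updates.example.test/tool.bin", GOOD_PAYLOAD),
        ("https://updates.example.test/tool.bin", TAMPERED_PAYLOAD),
        ("http://updates.example.test/tool.bin", TAMPERED_PAYLOAD),
    ]
    for url, payload in cases:
        ok, reasons = vet_update(url, payload)
        print(url, "naive:", naive_accept(url, payload),
              "vetted:", ok, reasons)
```

The third case is the one to note: the download arrives over HTTPS and is still rejected, because transport security says nothing about whether the file itself is authentic.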
Gigabyte is working on a fix
For the moment, Gigabyte has not yet commented on the subject. Nevertheless, Eclypsium experts say they are working with the manufacturer to quickly develop a fix. In the meantime, there is not much you can do to protect against this vulnerability.
Eclypsium still advises users to “scan and monitor systems and firmware updates to detect affected Gigabyte systems and backdoor tools embedded in firmware”. But above all, the company invites users to inspect and disable the “APP Center Download & Install” feature in the UEFI/BIOS configuration of Gigabyte systems and to set a BIOS password to protect against malicious modifications.