Millions of Gigabyte motherboards may have a serious problem: a feature designed to update the hardware with the latest firmware can also be exploited to become a backdoor for hackers.
The findings come from cybersecurity firm Eclypsium, which uncovered the security vulnerability in 271 Gigabyte motherboard models.
The discovery is a bit ironic since updating your motherboard’s firmware can prevent security threats while enabling new features or boosting the product’s performance. The problem is that Gigabyte’s update mechanism was implemented with little security in place to stop hackers from hijacking the same processes.
For example, the update mechanism is designed to download the latest firmware from three Gigabyte web domains. However, Eclypsium found the update process can neglect to verify that the download comes from an official Gigabyte source. As a result, a hacker could use a “man-in-the-middle attack,” such as taking over a local Wi-Fi network, to spoof one of the Gigabyte web domains and push malware to affected computers.
The other possibility is that a hacker could infiltrate an official Gigabyte server to exploit the update mechanism and automatically push out malware to various motherboard models. (In 2021, the PC vendor suffered a ransomware attack that ensnared a few internal servers.)
The update mechanism is particularly powerful because it can load software during the Windows boot-up process. The update mechanism is also hard to remove since it’s embedded in the motherboard’s UEFI (Unified Extensible Firmware Interface), which boots up your computer.
Hence, hijacking the update mechanism could pave a way for hackers to create malware capable of persisting on a Windows PC. The same malware could also be hard to detect since it would be masquerading as a legitimate Gigabyte system process.
According to Eclypsium, the affected Gigabyte models cover both AMD and Intel motherboards from the past four years, including the latest X670 and Z790 boards. The good news is that Eclypsium has uncovered no evidence of hackers exploiting the update mechanism.
Still, the cybersecurity firm warns: “An active widespread backdoor that is difficult to remove poses a supply chain risk for organizations with Gigabyte systems.” An Eclypsium researcher also told Wired: “I still think this will end up being a fairly pervasive problem on Gigabyte boards for years to come.”
Gigabyte didn’t immediately respond to a request for comment. But Eclypsium says it’s working with the PC vendor to fix the issue. This will require “a firmware update to completely remove” the update mechanism from the affected systems.