Millions of Gigabyte motherboards may have a serious problem: a feature designed to update hardware with the latest firmware can also be exploited to become a backdoor for hackers
The foundings they come from the cyber security company eclipsium, which disclosed the security vulnerability in 271 Gigabyte motherboard models.
The discovery is a bit ironic, as updating your motherboard's firmware can prevent security threats while also enabling new features or increasing product performance. The problem is that Gigabyte's update mechanism was implemented with minimal security to prevent hackers from hijacking the same processes.
For example, the updater is designed to download the latest firmware from Gigabyte's three online domains. However, Eclypsium found that the update process may neglect to verify that the download is from an official Gigabyte source. As a result, a hacker could use an attack “Man-in-the-middle", such as hijacking a local Wi-Fi network, to spoof one of Gigabyte's fake web domains and promote malware on the affected computers.
The other possibility is that a hacker could infiltrate an official Gigabyte server to exploit the update mechanism and automatically push malware to various motherboard models. We recall that in 2021, the computer vendor suffered a ransomware attack that trapped some internal servers.
The update mechanism is particularly powerful because it can load software during the Windows startup process. The update mechanism is also difficult to remove as it is built into the UEFI (Unified Extensible Firmware Interface) of the motherboard, which starts your computer.
Therefore, hacking the update mechanism could open the way for hackers to create malware capable of persisting on a Windows PC. The same malware could also be difficult to detect as it would disguise itself as a legitimate process on Gigabyte's system.
According to Eclypsium, the affected models of Gigabyte cover AMD and Intel motherboards from the last four years, including the latest X670 and Z790 boards. The good news is that Eclypsium has not discovered any evidence that hackers are exploiting the update mechanism.
Still, the cybersecurity company warns: “An active widespread backdoor that is difficult to remove poses a risk to the supply chain of organizations with Gigabyte systems".
An Eclypsium researcher said also in Wired: “I still think this will end up being a fairly widespread problem on Gigabyte motherboards for years to come".
Gigabyte did not immediately respond to a request for comment. But Eclypsium says it's working with the PC vendor to fix the problem. This will require "a firmware update to completely remove" the update engine from affected systems.
Do not forget to follow it Xiaomi-miui.gr on Google News to be informed immediately about all our new articles! You can also if you use RSS reader, add our page to your list by simply following this link >> https://news.xiaomi-miui.gr/feed/gn
Follow us on Telegram so that you are the first to learn our every news!
