Eclypsium, a cybersecurity firm specializing in firmware, has discovered a hidden backdoor on several Gigabyte motherboards that may allow malware to be installed on affected systems.
The firmware contains code that, during system startup, launches an updater program that, if necessary, connects to the internet and downloads the most recent version of the firmware for the motherboard. Eclypsium indicated that Gigabyte's implementation is dangerous and that hackers may use the vulnerability to infect the victim's PC with malware. Removing the updater isn't an option here, since it resides in the motherboard's firmware.
The flaw was identified in a Windows startup program attempting to update the UEFI firmware. This executable downloaded the software from an unsafe Gigabyte server and installed it without proper authentication. According to the research blog post, this security flaw might allow hackers to leverage the OEM backdoor to install malicious software like implants, either directly onto a user's computer or by infiltrating Gigabyte's server.
According to Eclypsium, the updater downloads the code to the user's PC without the required authentication. It doesn't use any additional validation techniques or cryptographic digital signature verification. Consequently, web connections are prone to Machine-in-the-Middle (MITM) attacks, compromising the data transfer with Gigabyte's server.
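The checks the updater is described as lacking (authenticated transport, a known host, and a digital signature over the payload), applied before a downloaded update is run. This is an added example, not code from Eclypsium or Gigabyte; the host name, function names and demo key are assumptions. The key is built from two public primes only so the sample runs offline with the standard library; a real updater would use a vetted crypto library and the vendor's key.

```python
import hashlib
from urllib.parse import urlsplit

# Constructed demo key: both primes are public constants, so it is NOT secret.
P = 2**255 - 19
Q = 2**256 - 2**32 - 977
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, used only to build samples
K = (N.bit_length() + 7) // 8       # modulus length in bytes

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

ALLOWED_HOSTS = {"updates.vendor.example"}  # hypothetical vendor host


def _encode(payload: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(payload) as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(payload).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")


def sign(payload: bytes) -> bytes:
    """Vendor-side signing, here only to construct sample input."""
    return pow(_encode(payload), D, N).to_bytes(K, "big")


def check_update(url: str, payload: bytes, signature: bytes) -> str:
    """Return "ok" or the reason the update must not be executed."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return "rejected: transport is not HTTPS"
    if parts.hostname not in ALLOWED_HOSTS:
        return "rejected: host not on allowlist"
    s = int.from_bytes(signature, "big")
    if len(signature) != K or s >= N:
        return "rejected: malformed signature"
    # Compare the whole encoded message; never parse the padding leniently.
    if pow(s, E, N) != _encode(payload):
        return "rejected: signature does not match payload"
    return "ok"
```

The signature check is what still holds if the transport or the server itself is compromised, which are the two paths the report names.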
Eclypsium found that the updater was able to access not only the Internet but also a local NAS (Network Attached Storage) device for firmware updates, which could also lead to spoofing attacks. The firm's research reveals that the Gigabyte updater application interacts with three separate websites for firmware updates:
The firm has also
Read more on wccftech.com