Millions of Gigabyte motherboards may have a serious problem: a feature designed to update the hardware with the latest firmware can also be exploited to become a backdoor for hackers.
The findings come from cybersecurity firm Eclypsium, which uncovered the security vulnerability in 271 Gigabyte motherboard models.
The discovery is a bit ironic since updating your motherboard’s firmware can prevent security threats while enabling new features or boosting the product’s performance. The problem is that Gigabyte’s update mechanism was implemented with little security in place to stop hackers from hijacking the same processes.
For example, the update mechanism is designed to download the latest firmware from three Gigabyte web domains. However, Eclypsium found the update process can neglect to verify that the download comes from an official Gigabyte source. As a result, a hacker could use a “man-in-the-middle attack,” like taking over a local Wi-Fi network, to spoof one of the Gigabyte web domains and push malware to affected computers.
The other possibility is that a hacker could infiltrate an official Gigabyte server to exploit the update mechanism and automatically push out malware to various motherboard models. (In 2021, the PC vendor suffered a ransomware attack that ensnared a few internal servers.)
The update mechanism is particularly powerful because it can load software during the Windows boot-up process. The update mechanism is also hard to remove since it’s embedded in the motherboard’s UEFI (Unified Extensible Firmware Interface), which boots up your computer.
Hence, hijacking the update mechanism could pave a way for hackers to create malware capable of persisting on a Windows
Read more on pcmag.com