Security firm Eclypsium has revealed that GIGABYTE motherboards contain a backdoor-like update mechanism that few users are aware of.
The manufacturer indicates that it is working to correct the security issue.
Almost 300 boards on the list
Presumably the company wants to be able to update motherboard firmware quickly, but according to Eclypsium's John Loucaides the manufacturer has not done enough to secure that access. The security firm has published a long list of affected motherboards (271 models), covering B-, H-, Z- and X-series boards from the manufacturer.
To Wired, Loucaides said: "If you have one of these devices, you have to worry about the fact that it's fetching something from the web and running it without your input, and that it's not done in a secure way." He added that "the concept of bypassing the end user and taking over their device is something most people don't like very much."
"The transfer is not secure"
The researchers made the discovery during a routine BIOS security review. The Gigabyte firmware places an executable onto Windows systems during boot (Eclypsium identifies the mechanism as the Windows Platform Binary Table, WPBT, by which firmware hands a native binary to Windows for execution), and Windows runs it when the operating system starts. This program (%SystemRoot%\system32\GigabyteUpdateService.exe) then downloads and runs code from Gigabyte to update the board. Eclypsium's criticism is aimed at the download step.
Depending on configuration, the software fetches its update list from one of three locations, which Eclypsium's report distinguishes by scheme: mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4 over plain HTTP (no protection against tampering on the path), the same path on mb.download.gigabyte.com over HTTPS, or software-nas/Swhttp/LiveUpdate4 (a bare hostname with no DNS suffix, which can only resolve on a local network).
"We noticed that even when the HTTPS option is enabled, the remote server's certificate is not validated correctly. Therefore, 'machine in the middle' attacks are also possible in this case."
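The two weaknesses above (a plain-HTTP source and an HTTPS client that does not check the certificate) are both failures of the same step: accepting whatever the download channel returns. The following PowerShell is an added illustration of the checks an updater needs at that step; it is not Gigabyte's or Eclypsium's code, and the URL and signer subject are placeholders, not Gigabyte's values.

```powershell
# Added example (not Gigabyte's or Eclypsium's code). A fetch-and-verify routine that
# refuses plain HTTP, keeps default TLS certificate validation, and then checks the
# payload's own Authenticode signature and signer before anyone is allowed to run it.
# The default URL and signer subject are placeholders (assumptions).
function Get-VerifiedUpdate {
    [CmdletBinding()]
    param(
        [string]$Url             = 'https://updates.example.invalid/LiveUpdate4/update.exe',
        [string]$ExpectedSubject = 'CN=Example Vendor Ltd, O=Example Vendor Ltd, C=US',
        [string]$Destination     = (Join-Path $env:TEMP 'update.exe')
    )

    # 1. Plain HTTP gives neither integrity nor authentication; refuse it rather than
    #    "falling back" to it. An http:// entry in an update list is exactly what lets
    #    an on-path attacker swap the payload.
    if ($Url -notmatch '^https://') {
        throw "Refusing non-TLS update URL: $Url"
    }

    # 2. Fetch with the platform's default certificate validation. Never pass
    #    -SkipCertificateCheck (PowerShell 7+) or install a permissive
    #    ServerCertificateValidationCallback (Windows PowerShell 5.1): either one turns
    #    HTTPS into an unauthenticated channel, the failure mode described above.
    Invoke-WebRequest -Uri $Url -OutFile $Destination -UseBasicParsing -ErrorAction Stop

    # 3. Transport security alone is not enough: a compromised mirror or CDN can still
    #    serve arbitrary code. Require a valid Authenticode signature on the file...
    $sig = Get-AuthenticodeSignature -FilePath $Destination
    if ($sig.Status -ne 'Valid') {
        Remove-Item -Path $Destination -Force -ErrorAction SilentlyContinue
        throw "Update rejected: signature status is $($sig.Status)"
    }

    # 4. ...and pin the signer to the expected vendor. Otherwise any code-signing
    #    certificate would satisfy the check, and those are cheap to obtain.
    if ($sig.SignerCertificate.Subject -ne $ExpectedSubject) {
        Remove-Item -Path $Destination -Force -ErrorAction SilentlyContinue
        throw "Update rejected: unexpected signer '$($sig.SignerCertificate.Subject)'"
    }

    # Only now is the file safe to hand to an installer.
    return $Destination
}

# Usage (the default URL is a placeholder, so point it at a real host):
# $path = Get-VerifiedUpdate -Url 'https://updates.example.invalid/update.exe' `
#                            -ExpectedSubject 'CN=Example Vendor Ltd, O=Example Vendor Ltd, C=US'
```

Pinning the subject name is the minimum; a production updater would also pin the signing certificate's thumbprint or public key and enforce a minimum version so an attacker cannot replay an older, signed, but vulnerable build. None of this helps an end user of the affected boards directly, since the checks have to live in the vendor's updater; it shows what the researchers found missing.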
For these installations to take place, the "APP Center Download & Install" option must be enabled in the BIOS/UEFI setup. Oddly enough, the feature "appears to be off by default, but it was enabled on the systems we examined".
If you own one of the boards on the list, you may want to disable the App Center download option in the UEFI setup if it is enabled and you would rather control updates yourself.
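Turning the option off in the UEFI setup is the real fix, but an administrator will also want to know whether a Windows host has already been running the dropped updater and to neutralise it on the OS side until the firmware setting is changed. The PowerShell below is an added example, not Gigabyte's or Eclypsium's code: the file path is the one named in the article, the service name 'GigabyteUpdateService' is an assumption, and the DisableWpbtExecution registry value is the switch Microsoft documents for the Windows Platform Binary Table (verify it against current documentation before deploying fleet-wide).

```powershell
# Added example (not Gigabyte's or Eclypsium's code). Audit a Windows host for the
# dropped updater and optionally stop the service and disable firmware-supplied binary
# execution. Run in an elevated PowerShell session.
# Assumptions: service name 'GigabyteUpdateService'; the DisableWpbtExecution value
# under Session Manager as described in Microsoft's WPBT documentation.
function Get-GigabyteUpdaterState {
    $exe     = Join-Path $env:SystemRoot 'System32\GigabyteUpdateService.exe'
    $svc     = Get-Service -Name 'GigabyteUpdateService' -ErrorAction SilentlyContinue
    $wpbtKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $wpbt    = Get-ItemProperty -Path $wpbtKey -Name 'DisableWpbtExecution' -ErrorAction SilentlyContinue

    # A valid Authenticode signature tells you the binary on disk is still the vendor's;
    # anything else (NotSigned, HashMismatch, ...) deserves a closer look.
    $sigStatus = if (Test-Path $exe) { (Get-AuthenticodeSignature -FilePath $exe).Status.ToString() } else { 'n/a' }

    [pscustomobject]@{
        DroppedExecutablePresent = (Test-Path $exe)
        ExecutableSignature      = $sigStatus
        ServiceStatus            = if ($svc) { $svc.Status.ToString() } else { 'not installed' }
        WpbtExecutionDisabled    = [bool]($wpbt -and $wpbt.DisableWpbtExecution -eq 1)
    }
}

function Disable-GigabyteUpdater {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    # Stopping and disabling the service only lasts until the next boot: while
    # "APP Center Download & Install" is enabled in the UEFI setup, the firmware hands
    # the binary to Windows again on every start. Turn the BIOS option off as well, or
    # disable WPBT execution so Windows ignores firmware-supplied binaries altogether.
    $svc = Get-Service -Name 'GigabyteUpdateService' -ErrorAction SilentlyContinue
    if ($svc -and $PSCmdlet.ShouldProcess($svc.Name, 'Stop and disable service')) {
        Stop-Service -Name $svc.Name -Force -ErrorAction SilentlyContinue
        Set-Service  -Name $svc.Name -StartupType Disabled
    }

    $wpbtKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    if ($PSCmdlet.ShouldProcess($wpbtKey, 'Set DisableWpbtExecution = 1')) {
        New-ItemProperty -Path $wpbtKey -Name 'DisableWpbtExecution' -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

# Usage:
#   Get-GigabyteUpdaterState            # audit
#   Disable-GigabyteUpdater -WhatIf     # preview the changes
#   Disable-GigabyteUpdater             # apply, then reboot and audit again
```

Two caveats: disabling WPBT execution is global, so it also stops any other firmware-supplied agent a vendor may rely on (some laptop makers ship anti-theft tooling this way), and should be a per-fleet decision rather than a reflex. Also consider blocking the three download hosts named above at the DNS or proxy layer, which cuts off the update fetch even on machines where the firmware option is still enabled.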