Gigabyte Hundreds of motherboard models with backdoors

Hardware company Gigabyte will have to answer some tough questions.

The first and most difficult one is, "Why did you put a backdoor in your own motherboard firmware without telling anyone?" The second is, "Why didn't you lock the backdoor in any meaningful way, hoping that it would remain secure simply because they don't know?"gigabytes

These questions and many more were raised by security research firm Eclysium when they discovered the backdoor in question in Gigabyte's UEFI firmware, which exists in hundreds of motherboard models on the market.

Eclysium he says that the code is used by Gigabyte to install firmware updates over the Internet or from some local network storage. However, according to the researchers, the tool is not secure, which means that any malicious user who knows about it can load their own code onto a computer motherboard. The problem was discovered through a Windows boot executable that can install new UEFI firmware, download from an unsecured Gigabyte server, and install the software without any signature verification.

The researchers' publication states that this security gap could be used by attackers to upload malicious files such as rootkits, directly to a user's machine or by hacking a Gigabyte server. "Man in the middle" attacks are also possible, which interfere with the download process and serve whatever.

Eclysium provided three Gigabyte URLs that could be blocked by users or system administrators to prevent updates from the Internet.

  • https://software-nas/Swhttp/LiveUpdate4

Hundreds of motherboard models are affected, including some that have just been released to retail customers as well as high-end system builders. You can see a full list from here (PDF).

Eclysium says it has notified Gigabyte of the vulnerability and that the company plans to address the issue, possibly with a firmware update. The Best Technology Site in Greecefgns

Subscribe to via Email

Subscribe to this blog and receive notifications of new posts by email.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).