If You Own A Gigabyte Motherboard, It May Have A Backdoor In It…. Yikes!

From the “how in the world did this happen?” department: Wired is reporting that millions, yes millions, of Gigabyte motherboards were sold with backdoors in them. How bad is this? It’s as bad as you think it is:

Researchers at firmware-focused cybersecurity company Eclypsium revealed today that they’ve discovered a hidden mechanism in the firmware of motherboards sold by the Taiwanese manufacturer Gigabyte, whose components are commonly used in gaming PCs and other high-performance computers. Whenever a computer with the affected Gigabyte motherboard restarts, Eclypsium found, code within the motherboard’s firmware invisibly initiates an updater program that runs on the computer and in turn downloads and executes another piece of software.

While Eclypsium says the hidden code is meant to be an innocuous tool to keep the motherboard’s firmware updated, researchers found that it’s implemented insecurely, potentially allowing the mechanism to be hijacked and used to install malware instead of Gigabyte’s intended program. And because the updater program is triggered from the computer’s firmware, outside its operating system, it’s tough for users to remove or even discover.

“If you have one of these machines, you have to worry about the fact that it’s basically grabbing something from the internet and running it without you being involved, and hasn’t done any of this securely,” says John Loucaides, who leads strategy and research at Eclypsium. “The concept of going underneath the end user and taking over their machine doesn’t sit well with most people.”

It doesn’t sit well with me. And I am sure that owners of Gigabyte motherboards are going to be very unhappy, to say the least, when they find out about this. There are 271 models of Gigabyte motherboards affected by this vulnerability. You can find out if yours is one of them by navigating to “Start” and then “System Information” on Windows. Now Gigabyte is working with Eclypsium to address this. But that could take years given the scale of the problem. Thus if you have one of these motherboards, you might want to consider ditching it for another brand. That sounds like an extreme way of dealing with this, but this problem isn’t trivial. And hackers associated with Russia’s GRU military intelligence agency and Chinese state-sponsored groups have used similar techniques to install spyware on victims’ machines. Thus decisive action like that may be your only recourse.
