Millions of Gigabyte Motherboards were Sold with a Firmware Backdoor



    Last Updated: 06 Jun 2023 at 08:19

    UPDATE 6/01: GIGABYTE Fortifies System Security with Latest BIOS Updates and Enhanced Verification | News - GIGABYTE Global


    Hiding malicious programs in a computer’s UEFI firmware, the deep-seated code that tells a PC how to load its operating system, has become an insidious trick in the toolkit of stealthy hackers. But when a motherboard manufacturer installs its own hidden backdoor in the firmware of millions of computers—and doesn’t even put a proper lock on that hidden back entrance—they’re practically doing hackers’ work for them.

    Researchers at firmware-focused cybersecurity company Eclypsium revealed today that they’ve discovered a hidden mechanism in the firmware of motherboards sold by the Taiwanese manufacturer Gigabyte, whose components are commonly used in gaming PCs and other high-performance computers. Whenever a computer with the affected Gigabyte motherboard restarts, Eclypsium found, code within the motherboard’s firmware invisibly initiates an updater program that runs on the computer and in turn downloads and executes another piece of software.

    While Eclypsium says the hidden code is meant to be an innocuous tool to keep the motherboard’s firmware updated, researchers found that it’s implemented insecurely, potentially allowing the mechanism to be hijacked and used to install malware instead of Gigabyte’s intended program. And because the updater program is triggered from the computer’s firmware, outside its operating system, it’s tough for users to remove or even discover.

    “If you have one of these machines, you have to worry about the fact that it’s basically grabbing something from the internet and running it without you being involved, and hasn’t done any of this securely,” says John Loucaides, who leads strategy and research at Eclypsium. “The concept of going underneath the end user and taking over their machine doesn’t sit well with most people.”

    In its blog post about the research, Eclypsium lists 271 models of Gigabyte motherboards that researchers say are affected. Loucaides adds that users who want to see which motherboard their computer uses can check by going to “Start” in Windows and then “System Information.”

    Eclypsium says it found Gigabyte’s hidden firmware mechanism while scouring customers’ computers for firmware-based malicious code, an increasingly common tool employed by sophisticated hackers. In 2018, for instance, hackers working on behalf of Russia’s GRU military intelligence agency were discovered silently installing the firmware-based anti-theft software LoJack on victims’ machines as a spying tactic. Chinese state-sponsored hackers were spotted two years later repurposing a firmware-based spyware tool created by the hacker-for-hire firm Hacking Team to target the computers of diplomats and NGO staff in Africa, Asia, and Europe. Eclypsium’s researchers were surprised to see their automated detection scans flag Gigabyte’s updater mechanism for carrying out some of the same shady behavior as those state-sponsored hacking tools—hiding in firmware and silently installing a program that downloads code from the internet.

    Read more:


    Gigabyte Affected Models (PDF): https://eclypsium.com/wp-content/upl...ted-Models.pdf
    Posted By: Brink
    01 Jun 2023



  2. Posts : 7,964
    Windows 11 Pro 64 bit
       #2

    What about other leading manufacturers like Asus and MSI?


  3. Posts : 9,792
    Mac OS Catalina
       #3

    Steve C said:
    What about other leading manufacturers like Asus and MSI?
    What about them? Were they mentioned in the article?


  4. Posts : 1,204
    11 Home
       #4

    This here made me laugh:
    Although this setting appears to be disabled by default, it was enabled on the system we examined.


  5. Posts : 69,928
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #5


  6. Posts : 60
    Windows 10 Pro [Build 19045.4291]
       #6

    Are AMD X570 boards also affected?


  7. Posts : 4,702
    several
       #7

    affected models:

    https://eclypsium.com/wp-content/upl...ted-Models.pdf

    looks like series 400 to 700 boards


  8. Posts : 60
    Windows 10 Pro [Build 19045.4291]
       #8

    My X570S Aorus Master turns out to be one of the affected ones too,
    thankfully there is already a new Bios out to fix the issue it seems.

    Edit: Gigabyte broke "Bios Profiles" in this update, so using a saved Profile from an older Bios will not work.
    Last edited by SuperConker; 07 Jun 2023 at 15:22.

