Cybersecurity company Eclypsium has uncovered a firmware backdoor in hundreds of Gigabyte motherboard models, one that’s installed by the motherboard manufacturer itself.

As explained in their report, Eclypsium discovered executable code embedded in the UEFI firmware. Whenever the computer boots up, this code runs an updater program during the Windows startup process, and that program is downloaded from the internet. This is meant to keep motherboard firmware up to date, but Eclypsium warns that it could be exploited to compromise systems.

Eclypsium noted that one of the possible download sources for the program is a plain HTTP source, which the company says is easily compromised using machine-in-the-middle (MITM) attacks. The company also noticed improper certificate validation and a lack of cryptographic digital signature verification, which means MITM is also possible even when downloading from the HTTPS sources.

If you’re using a Gigabyte motherboard and are curious whether yours is affected by this backdoor, check the list of models included by Eclypsium in their report. As counted by WIRED, 271 models along with several variations/editions are at risk. These include the latest Z790 and X670.

Is your motherboard on the list? To avoid getting hijacked via this vulnerability, enter the BIOS and disable the feature called “APP Center Download & Install.”

Late last week, Gigabyte released an advisory on the issue and recommended visiting its official website for future BIOS updates. The company also claimed that cybersecurity and information security are prioritized for its motherboards and other hardware solutions.

