Millions of Gigabyte motherboards were sold with a firmware backdoor flaw - see if you’re affected
Gigabyte firmware updater was working without proper contingencies
Millions of motherboards built by Gigabyte were shipped out with a firmware backdoor that could have been abused to drop malware to the devices, experts have warned.
In a blog post, security firm Eclypsium said that it recently spotted “backdoor-like behavior within Gigabyte systems in the wild.”
Further analysis discovered that Gigabyte motherboards, a total of 271 different models, carried a hidden mechanism that quietly runs an updater program, which connects to a remote server, then downloads and executes software. While this might sound suspicious at best, and most likely malicious, Eclypsium says the updater’s goal is a lot more benign: to keep the motherboard’s firmware up to date.
Missing proper authentication
Be that as it may, the researchers found that the updater is implemented insecurely, allowing threat actors to hijack the updater and use it for their own nefarious purposes. Apparently, the updater downloads code without proper authentication, in some cases even over an HTTP connection (as opposed to HTTPS). This would make man-in-the-middle attacks on rogue Wi-Fi networks a possibility, allowing potential threat actors to spoof the installation source and drop malware.
It’s important to note that the updater works from the firmware, and as such is immune to antivirus programs, endpoint security solutions, and similar.
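The checks that the updater described above is reported to lack can be expressed as a gate that runs before any downloaded code is executed. The sketch below is an added example, not code from Gigabyte or Eclypsium. It assumes a placeholder host `updates.vendor.example` and assumes the expected SHA-256 digest comes from a manifest whose signature was already verified against a key held in firmware (that step is not shown).

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumed policy value (placeholder, not any vendor's real infrastructure).
ALLOWED_HOSTS = {"updates.vendor.example"}


def check_update(url, payload, pinned_sha256):
    """Return a list of policy violations; an empty list means the payload may run.

    pinned_sha256 is assumed to come from a manifest whose signature was
    already verified against a key stored in firmware (not shown here).
    """
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("transport is not HTTPS: " + (parts.scheme or "none"))
    if (parts.hostname or "").lower() not in ALLOWED_HOSTS:
        problems.append("host not on allowlist: " + str(parts.hostname))
    if parts.username or parts.password:
        problems.append("credentials embedded in URL")
    actual = hashlib.sha256(payload).hexdigest().encode()
    expected = (pinned_sha256 or "").lower().encode()
    # Constant-time compare; a missing or malformed digest fails closed.
    if not expected or not hmac.compare_digest(actual, expected):
        problems.append("payload digest does not match signed manifest")
    return problems


def demo():
    good = b"constructed update payload"  # constructed sample bytes
    digest = hashlib.sha256(good).hexdigest()
    base = "https://updates.vendor.example/fw.bin"
    cases = {
        "ok": (base, good, digest),
        "plain_http": ("http://updates.vendor.example/fw.bin", good, digest),
        "swapped_payload": (base, good + b"!", digest),
        "lookalike_host": ("https://updates.vendor.example.cdn.example/fw.bin", good, digest),
        "no_digest": (base, good, ""),
    }
    return {name: check_update(*args) for name, args in cases.items()}


if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "->", "ALLOW" if not problems else "BLOCK: " + "; ".join(problems))
```

HTTPS and the host allowlist only protect the transport; the digest check is what stops a swapped payload even when the network path is controlled by someone else.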
So far, Gigabyte has been relatively quiet on the matter. Eclypsium says it’s now working with the manufacturer on a fix, and other than that, the Taiwanese giant did not want to answer any questions, Wired reports.
The fix would most likely include a firmware update which would need to be pushed to millions of potentially affected devices. Gigabyte will also need to find a better way to deliver firmware updates to its hardware.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.