Experts have warned that millions of motherboards built by Gigabyte have been shipped with a firmware backdoor that could be used to inject malware into the devices.
In a blog post, security firm Eclypsium said it recently noticed “backdoor-like behavior on Gigabyte systems in the wild.”
Further analysis revealed that a total of 271 different Gigabyte motherboard models contain a hidden mechanism that silently triggers an updater, which connects to a remote server, then downloads and runs the firmware. While this may sound dodgy at best and most likely malicious, Eclypsium claims the updater’s purpose is much more benign: updating your motherboard software.
No proper authentication
However, researchers found that the updater is implemented in an insecure way, which allows cybercriminals to take control of the updater and use it for their own nefarious purposes. Apparently, the updater downloads the code without proper authentication, in some cases even over an HTTP connection (as opposed to HTTPS). This would enable man-in-the-middle attacks on rogue Wi-Fi networks, allowing would-be cybercriminals to spoof the installation source and drop malware.
It should be noted that the updater runs from the firmware and as such is immune to antivirus programs, endpoint security solutions and the like.
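Because the updater sits outside the reach of endpoint tools, the network edge is where its unauthenticated downloads can still be observed. The following is an added example, not code from Eclypsium or Gigabyte: it scans web-proxy log lines for executable content delivered over plain HTTP. The log format, the field order and the `.example` hostnames are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed proxy log lines (not real traffic):
# time, client, method, URL, status, content type.
# Hosts under .example are placeholders, not the vendor's real update servers.
SAMPLE_LOG = """\
2023-06-01T08:00:12Z 10.0.4.21 GET http://updates.vendor.example/fw/updater_payload.exe 200 application/octet-stream
2023-06-01T08:00:15Z 10.0.4.21 GET https://updates.vendor.example/fw/updater_payload.exe 200 application/octet-stream
2023-06-01T08:01:40Z 10.0.4.33 GET http://news.site.example/index.html 200 text/html
2023-06-01T08:02:02Z 10.0.4.21 GET http://updates.vendor.example/fw/manifest?id=7 200 application/x-msdownload
2023-06-01T08:03:09Z 10.0.4.40 GET http://cdn.site.example/setup.msi 404 text/html
malformed entry
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\S+)$")
EXEC_EXT = (".exe", ".dll", ".msi", ".sys", ".efi", ".bin")
EXEC_TYPES = {"application/x-msdownload", "application/x-dosexec",
              "application/vnd.microsoft.portable-executable"}

def is_executable(path, content_type):
    """Executable by file extension or by a PE-specific content type."""
    return path.lower().endswith(EXEC_EXT) or content_type.lower() in EXEC_TYPES

def find_cleartext_code_downloads(log_text):
    """Return (findings, skipped): successful plain-HTTP fetches of executable content."""
    findings, skipped = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1  # count unparseable lines instead of silently dropping them
            continue
        ts, client, _method, url, status, ctype = m.groups()
        parts = urlsplit(url)
        if parts.scheme.lower() != "http" or not status.startswith("2"):
            continue  # HTTPS, or nothing was actually delivered
        if is_executable(parts.path, ctype):
            findings.append({"time": ts, "client": client,
                             "host": parts.hostname, "path": parts.path})
    return findings, skipped

if __name__ == "__main__":
    hits, bad = find_cleartext_code_downloads(SAMPLE_LOG)
    for h in hits:
        print(f'{h["time"]} {h["client"]} fetched http://{h["host"]}{h["path"]}')
    print(f"{bad} line(s) could not be parsed")
```

The second flagged request has no executable file extension and is caught only by its content type, which is why the check does not rely on the URL alone.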
So far, Gigabyte has been silent on the matter. Eclypsium says it is now working with the manufacturer on a fix, but beyond that, the Taiwanese giant did not want to answer any questions, Wired reports.
The fix would most likely include a firmware update that would need to be pushed out to millions of potentially affected devices. Gigabyte will also have to find a better way to deliver firmware updates to its hardware.