Millions of PC motherboards were sold with a firmware backdoor

Hidden code in many Gigabyte motherboards invisibly and insecurely downloads programs.

Andy Greenberg, wired.com – Jun 1, 2023 1:04 pm UTC

Hiding malicious programs in a computer's UEFI firmware, the deep-seated code that tells a PC how to load its operating system, has become an insidious trick in the toolkit of stealthy hackers. But when a motherboard manufacturer installs its own hidden backdoor in the firmware of millions of computers, and doesn't even put a proper lock on that hidden back entrance, they're practically doing hackers' work for them.

Researchers at firmware-focused cybersecurity company Eclypsium revealed today that they've discovered a hidden mechanism in the firmware of motherboards sold by the Taiwanese manufacturer Gigabyte, whose components are commonly used in gaming PCs and other high-performance computers. Whenever a computer with the affected Gigabyte motherboard restarts, Eclypsium found, code within the motherboard's firmware invisibly initiates an updater program that runs on the computer and in turn downloads and executes another piece of software.

While Eclypsium says the hidden code is meant to be an innocuous tool to keep the motherboard's firmware updated, researchers found that it's implemented insecurely, potentially allowing the mechanism to be hijacked and used to install malware instead of Gigabyte's intended program. And because the updater program is triggered from the computer's firmware, outside its operating system, it's tough for users to remove or even discover.

"If you have one of these machines, you have to worry about the fact that it's basically grabbing something from the Internet and running it without you being involved, and hasn't done any of this securely," says John Loucaides, who leads strategy and research at Eclypsium. "The concept of going underneath the end user and taking over their machine doesn't sit well with most people."

In its blog post about the research, Eclypsium lists 271 models of Gigabyte motherboards that researchers say are affected. Loucaides adds that users who want to see which motherboard their computer uses can check by going to Start in Windows and then System Information.
