Hundreds of Gigabyte Motherboard Models May Contain a Backdoor

“Gigabyte engineers have already mitigated potential risks and uploaded the Intel 700/600 and AMD 500/400 series Beta BIOS to the official website after conducting thorough testing and validation of the new BIOS on Gigabyte motherboards,” the vendor said in a statement on Thursday.

In particular, the fix forces the motherboard’s update mechanism to verify that any downloaded firmware is legitimate and comes from an official Gigabyte source.

“BIOS updates for Intel 500/400 and AMD 600 series chipset motherboards will also be released on the Gigabyte official website later today, along with updates for previously released motherboards,” the firm stated.

The original story follows: Millions of Gigabyte motherboards may have a significant problem: a feature designed to keep the hardware up to date with the latest software can also serve as a backdoor for hackers.

Eclypsium discovered the security flaw in 271 Gigabyte motherboard models, according to its findings.

The revelation is ironic given that updating your motherboard’s firmware might prevent security threats while also enabling new features and improving product performance. The issue is that Gigabyte’s update system was created with insufficient protection to prevent hackers from hijacking the same processes.

The update system, for example, is designed to download the most recent firmware from three Gigabyte web domains. Eclypsium discovered, however, that the update procedure can fail to validate that the download is from an official Gigabyte source. As a result, a hacker could use a “man-in-the-middle attack,” such as taking over a local Wi-Fi network, to impersonate one of the Gigabyte web domains and distribute malware to affected machines.

Another possibility is that a hacker infiltrates an official Gigabyte server and uses the update system to automatically deliver malware to multiple motherboard models. (In 2021, a ransomware attack ensnared a few internal servers at the PC vendor.)
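As an added illustration (not code from Gigabyte, Eclypsium or the original article), the Go program below gates an update on both checks the two scenarios above call for: the download must come over HTTPS from an allow-listed host, and the payload must carry a signature that verifies against a vendor key pinned in the updater. The host name, key pair, payload and function names are constructed placeholders, and Ed25519 is an assumed choice of signature scheme.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"net/url"
)

// Hypothetical allow-list: the article does not name the three Gigabyte domains.
var allowedHosts = map[string]bool{"updates.vendor.example": true}

// checkOrigin accepts only HTTPS URLs whose exact hostname is allow-listed.
func checkOrigin(rawURL string) error {
	u, err := url.Parse(rawURL)
	if err != nil {
		return err
	}
	if u.Scheme != "https" || !allowedHosts[u.Hostname()] {
		return errors.New("untrusted update origin: " + rawURL)
	}
	return nil
}

// verifyUpdate must succeed before a payload is stored or executed.
func verifyUpdate(rawURL string, payload, sig []byte, pinned ed25519.PublicKey) error {
	if err := checkOrigin(rawURL); err != nil {
		return err
	}
	// The length guard avoids the panic ed25519.Verify raises on a malformed key.
	if len(pinned) != ed25519.PublicKeySize || !ed25519.Verify(pinned, payload, sig) {
		return errors.New("payload signature does not match pinned vendor key")
	}
	return nil
}

// demo runs three constructed cases: a genuine update, a plain-HTTP download
// (network attacker), and a swapped payload served from the genuine host.
func demo() []error {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed key pair; nil selects crypto/rand
	payload := []byte("constructed firmware payload")
	sig := ed25519.Sign(priv, payload)
	good := "https://updates.vendor.example/fw.bin"
	return []error{
		verifyUpdate(good, payload, sig, pub),
		verifyUpdate("http://updates.vendor.example/fw.bin", payload, sig, pub),
		verifyUpdate(good, []byte("attacker payload"), sig, pub),
	}
}

func main() { fmt.Println(demo()) }
```

The third case is the one the origin check alone cannot catch: the URL is genuine, so only the signature against a key that never lives on the download server rejects the payload.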

The update mechanism is very powerful since it can load software while Windows is booting up. The update mechanism is also difficult to remove since it is incorporated in the motherboard’s UEFI (Unified Extensible Firmware Interface), which is responsible for booting up your computer.