Millions of Gigabyte motherboards have been found to contain a firmware backdoor that poses a potential security risk, according to a recent warning issued by security firm Eclypsium.
As reported by TechRadar, the backdoor-like behavior was discovered during a thorough analysis of Gigabyte systems, revealing a hidden mechanism that enables a remote server to download and execute software on the affected motherboards.
270 Motherboard Models Affected
Eclypsium identified a total of 271 different Gigabyte motherboard models that could potentially be impacted by this firmware vulnerability.
Although the purpose of the updater program installed on the motherboards is to keep the firmware up to date, the implementation of this feature is flawed, making it susceptible to exploitation by threat actors.
A Deeper Look at the Issue
The insecure implementation of the updater program allows attackers to intercept the downloads and execute malicious code on the motherboards.
This puts users at risk of falling victim to man-in-the-middle attacks, particularly when connected to rogue Wi-Fi networks. Compromised installation sources can be spoofed, enabling threat actors to inject malware into the affected systems.
In practice, an attacker can use this weakness to infect unprotected computers, either by intercepting the traffic between the computer and the internet or by compromising the infrastructure the computer relies on.
One concerning aspect of this firmware backdoor is that it operates at the firmware level, making it impervious to antivirus programs and other traditional endpoint security solutions.
This raises significant challenges for users seeking to protect their systems from potential threats.
What Users Can Do
While Gigabyte has not provided an official response regarding this issue, Eclypsium has initiated collaboration with the manufacturer to address the problem.
A firmware update is expected to be the primary solution, which will require distribution to millions of potentially affected devices. Additionally, Gigabyte will need to establish a more secure method for delivering future firmware updates to its hardware.
In the meantime, Eclypsium advises users to exercise caution when utilizing Gigabyte systems or any systems featuring the affected motherboards.
Organizations are encouraged to scan and monitor their systems and firmware updates to detect any compromised Gigabyte systems and identify the backdoor-like tools embedded in the firmware.
Updating systems to the latest validated firmware and software is essential for addressing security vulnerabilities of this nature.
To mitigate the risk posed by the firmware backdoor, administrators can inspect and disable the "APP Center Download & Install" feature in the UEFI/BIOS Setup on Gigabyte systems. Setting a BIOS password can also deter malicious changes and unauthorized access.
As an additional precautionary measure, administrators can block specific URLs associated with the Gigabyte firmware updater. These URLs include:
- https://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4
- https://software-nas/Swhttp/LiveUpdate4
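To find machines that have already contacted these endpoints, the same list can be matched against web proxy logs. The following is an added example, not code from Eclypsium or Gigabyte; the log layout, client addresses and sample lines are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Updater endpoints listed in the article, as (host, lower-cased path prefix).
UPDATER_ENDPOINTS = {
    ("mb.download.gigabyte.com", "/filelist/swhttp/liveupdate4"),
    ("software-nas", "/swhttp/liveupdate4"),
}

# Constructed sample lines. The "timestamp client method target status"
# layout is an assumed proxy log format, not one taken from the article.
SAMPLE_LOG = """\
2023-06-01T09:14:02Z 10.0.4.17 GET https://MB.download.gigabyte.com/FileList/Swhttp/LiveUpdate4/constructed.bin 200
2023-06-01T09:14:05Z 10.0.4.22 CONNECT mb.download.gigabyte.com:443 200
2023-06-01T09:15:10Z 10.0.4.30 GET https://www.example.com/FileList/Swhttp/LiveUpdate4 200
2023-06-01T09:16:44Z 10.0.4.41 GET https://software-nas/Swhttp/LiveUpdate4/constructed.bin 502
2023-06-01T09:17:00Z 10.0.4.17 GET https://mb.download.gigabyte.com/other/constructed.html 200
malformed line
"""

def match_updater(method, target):
    """Return the matched host if the request targets a listed endpoint."""
    # CONNECT lines carry only host:port, so prefix "//" to parse it as netloc.
    parts = urlsplit("//" + target if method == "CONNECT" else target)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-case
    for ep_host, ep_prefix in UPDATER_ENDPOINTS:
        if host != ep_host:
            continue
        # A CONNECT tunnel hides the path, so a host match is all we can see.
        if method == "CONNECT" or parts.path.lower().startswith(ep_prefix):
            return host
    return None

def find_updater_clients(log_text):
    """Map client address -> sorted list of updater hosts it contacted."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        _, client, method, target = fields[:4]
        host = match_updater(method.upper(), target)
        if host:
            hits[client].add(host)
    return {client: sorted(hosts) for client, hosts in hits.items()}

if __name__ == "__main__":
    for client, hosts in find_updater_clients(SAMPLE_LOG).items():
        print(client, "->", ", ".join(hosts))
```

Clients reported here are candidates for the UEFI/BIOS setting check described above; a host-only CONNECT match is weaker evidence than a full path match.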
By taking these recommended actions, users and organizations can minimize the risk posed by the firmware backdoor and protect their systems from potential compromise.