Intentional Backdoor On Gigabyte Motherboards Poses Major Security Risks To Users

In a startling discovery, noted cybersecurity firm Eclypsium has detected a major security flaw in motherboards made by Taiwanese computer hardware maker Gigabyte Technology. In a blog post detailing the issue, Eclypsium revealed that the flaw was found within the firmware. While there is no known case of someone using this vulnerability to cause intentional damage, the fact that it affects the motherboard's auto-update functionality is a major cause for concern. Eclypsium describes the vulnerability as a backdoor that is found on several Gigabyte motherboards and that has escaped detection for years.

Evidently, the issue lies with Gigabyte's flawed updater program, which is part of the motherboard's firmware. It is triggered when the motherboard attempts to connect to Gigabyte servers to look for new software versions. Essentially, the updater program within the firmware pings three different websites for the updated version of the firmware. One of these websites within the Gigabyte subdomain did not even have an SSL certificate and was left entirely unsecured, according to the researchers. The other two links did have valid security certificates, but Gigabyte allegedly did not correctly implement remote server certificate validation.

The irony here is that firmware updates are typically used to fix vulnerabilities and security threats. In this instance, however, the manner in which the company implemented the firmware update protocol itself is being called into question. Gigabyte's approach not only negated the advantages of firmware updates but also potentially exposed millions of Gigabyte consumers to serious security threats. If that wasn't enough, Eclypsium also claims that the updater executed code without proper user authentication.
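To make the two transport problems and the execution problem described above concrete, here is an added sketch (not Gigabyte's or Eclypsium's code) of the checks an updater would need before running a download. The URLs, the sample payload and the idea of a pinned digest delivered out of band are assumptions for illustration; the real update locations are not given on this page.

```python
import hashlib
import hmac
import ssl
from urllib.parse import urlsplit

# Constructed placeholders standing in for the three update locations;
# the real URLs do not appear on this page.
SOURCES = [
    "http://updates.vendor.example/updater.bin",
    "https://updates.vendor.example/updater.bin",
    "https://mirror.vendor.example/updater.bin",
]
SAMPLE = b"constructed update payload"          # constructed sample data
PINNED = hashlib.sha256(SAMPLE).hexdigest()     # assumed out-of-band digest

def weak_context():
    """TLS that encrypts but accepts any certificate (the flawed pattern)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # has to be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def strict_context():
    """TLS that validates the certificate chain and the host name."""
    return ssl.create_default_context()

def audit_source(url, ctx):
    """Return the reasons this source must not be used for updates."""
    if urlsplit(url).scheme != "https":
        return ["no TLS: payload can be replaced in transit"]
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain not validated")
    if not ctx.check_hostname:
        findings.append("host name not checked against certificate")
    return findings

def payload_is_trusted(payload, pinned_sha256_hex):
    """Compare the payload digest with the pinned value in constant time."""
    digest = hashlib.sha256(payload).hexdigest()
    return hmac.compare_digest(digest, pinned_sha256_hex.lower())

def usable_sources(urls, ctx):
    """Keep only the sources that pass every transport check."""
    return [u for u in urls if not audit_source(u, ctx)]
```

With the weak context none of the three sources passes, which mirrors the situation the researchers describe: one link has no TLS at all and the other two offer a certificate that nothing checks.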

Gigabyte firmware issue: How many models are affected?

According to Eclypsium, the flaw affects more than 257 Gigabyte-made motherboards that the company sold to consumers over the past several years; concerned consumers can check to see whether their hardware is on the list here [PDF]. The affected boards include Gigabyte's latest Z790 and X670 models, in addition to a long list of legacy boards going back to AMD's 400 series machines.

Given that the vulnerability is at the BIOS level, there is very little that the average user can do to safeguard themselves from threat actors. However, Eclypsium has shared a few tips with users explaining how to stay safe from any potential issue caused by this vulnerability. To begin with, the company recommends disabling a feature called "APP Center Download & Install" within the motherboard's BIOS, as well as applying a password to it. This prevents the BIOS from executing an automated firmware update check without user intervention. 

Following these developments, Gigabyte acknowledged the issue via a press release. In fact, the company has also started rolling out beta versions of its BIOS that patch the errant code for good. The latest Intel 700 series/600 series and AMD 500/400 series boards from Gigabyte are the first to get the updated firmware. In addition, Gigabyte has also indicated that a BIOS update for motherboards for the Intel 500/400 and AMD 600 series is on the cards and will be released later in the day.