
Most Gigabyte motherboards affected by brutal security issue

Not looking good for Gigabyte motherboard owners

Updated: Jun 1, 2023 10:55 am

In a concerning discovery, cybersecurity researchers have identified what they describe as “backdoor-like behavior” in Gigabyte systems. This behavior allows the UEFI firmware of these devices to install a Windows executable and retrieve updates in an insecure format. Here’s how most Gigabyte motherboards are affected by this brutal security issue.


The Brutal Security Issue

In April 2023, the cybersecurity firm Eclypsium identified this issue, and Gigabyte has taken action to address it. However, it’s important for users to update their motherboards to protect against potential risks.


What Happens?

As The Hacker News reports, Gigabyte’s UEFI firmware contains an embedded Windows executable. During the Windows startup process, this executable is deployed, resembling a known attack called LoJack double agent. It then downloads and runs additional files using insecure methods, making the update process vulnerable to exploitation.


Potential Risks

The intention behind this vulnerability is unclear, but it’s important to distinguish it from a malicious backdoor. The UEFI firmware launches the embedded executable as an update service during system boot. However, the application responsible for downloads and execution lacks proper security measures, relying on plain HTTP connections. This exposes the process to attackers who can intercept the communication.
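
As an added example (not from the original article, Eclypsium or Gigabyte), the following Python sketch shows how a defender could spot this kind of cleartext executable download in web proxy logs. The log format, host names and URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample proxy log (not real traffic).
# Assumed format: time host method url status content-type
SAMPLE_LOG = """\
2023-06-01T08:00:12Z ws-014 GET http://updates.example.test/app/updater.exe 200 application/octet-stream
2023-06-01T08:00:15Z ws-014 GET https://updates.example.test/app/manifest.json 200 application/json
2023-06-01T08:01:40Z ws-022 GET http://cdn.example.test/img/logo.png 200 image/png
2023-06-01T08:02:03Z ws-031 GET http://updates.example.test/dl?id=7 200 application/x-msdownload
2023-06-01T08:02:09Z ws-031 GET http://updates.example.test/app/tool.exe 404 text/html
"""

EXEC_EXTENSIONS = (".exe", ".dll", ".msi", ".sys")
EXEC_CONTENT_TYPES = {
    "application/x-msdownload",
    "application/x-dosexec",
    "application/vnd.microsoft.portable-executable",
}


def find_cleartext_executable_downloads(log_text):
    """Return successful plain-HTTP fetches that delivered executable content."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip blank or malformed lines
        ts, host, _method, url, status, ctype = fields
        parts = urlsplit(url)
        # Only unencrypted transfers that actually succeeded are of interest.
        if parts.scheme.lower() != "http" or not status.startswith("2"):
            continue
        by_ext = parts.path.lower().endswith(EXEC_EXTENSIONS)
        by_type = ctype.lower() in EXEC_CONTENT_TYPES
        if by_ext or by_type:
            reason = "extension" if by_ext else "content-type"
            findings.append({"time": ts, "host": host, "url": url, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in find_cleartext_executable_downloads(SAMPLE_LOG):
        print(f"{f['time']} {f['host']} fetched {f['url']} over HTTP ({f['reason']})")
```
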


Impacted Systems and Consequences

Around 364 Gigabyte systems, amounting to a potential 7 million devices, could be impacted by this issue. Threat actors are always looking for ways to remain undetected, and vulnerabilities in firmware updates could allow them to install stealthy UEFI bootkits and implants that bypass operating system security controls.

You can find a full list of affected devices here.


Persistent Threats and Mitigation

One worrisome aspect is that malware injected into the firmware can persist even if you wipe the drives and reinstall the operating system.

To mitigate the risks, it is crucial to apply the latest firmware updates promptly. Additionally, disabling the “APP Center Download & Install” feature in UEFI/BIOS Setup and setting a BIOS password can help prevent unauthorized changes.


What It Means for Users

In simple terms, this vulnerability allows bad actors to inject code into the system’s boot sequence to download unauthorized programs, granting them access at a UEFI level. The average user who practices safe internet habits is unlikely to be affected, but those who neglect device security may face a higher risk.


Final Word

The discovery of “backdoor-like behavior” in Gigabyte systems raises serious concerns about the security of UEFI firmware and the potential consequences of vulnerabilities in the firmware update process.

Prioritizing firmware security alongside traditional measures is crucial for organizations and individuals. Regular firmware updates, a thorough inspection of firmware features, and following security best practices help mitigate the risks associated with these vulnerabilities, ensuring a safer computing environment for all users.


Jack is a Tech and News Writer who has a vast and proficient knowledge of CPUs, Motherboards, and Computer technology.
