Gigabyte Motherboards Suffer From Potential Backdoor Vulnerability


If you own a Gigabyte motherboard, you might want to check if it is one of the 271 models that are affected by a serious security flaw. According to a report by cybersecurity firm Eclypsium, Gigabyte’s firmware update mechanism has a backdoor that could allow hackers to install malware on your system.

What is the backdoor and how does it work?

The backdoor is a program that Gigabyte embeds in the motherboard’s UEFI firmware. It is designed to check for and download the latest firmware updates from Gigabyte’s servers. However, Eclypsium found that the program does not verify the authenticity or integrity of the downloaded files. It also does not use secure HTTPS connections or validate server certificates. This means that a hacker could intercept the network traffic and spoof Gigabyte’s servers, sending malicious code instead of legitimate updates.

The program runs every time you boot up your system and during Windows startup. It writes a Windows executable file to disk and loads it into memory. The file then contacts Gigabyte’s servers and downloads any available updates. The problem is that the file does not check if the updates are signed by Gigabyte or if they are safe to install. It blindly executes whatever it receives from the network.
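The check the updater skips, shown as an added example (not Gigabyte's or Eclypsium's code): verify an RSA PKCS#1 v1.5 signature over the downloaded payload against a pinned public key, and refuse to run anything that fails. The demo key, `demo_sign` and `install_if_trusted` are constructed for illustration; production code would use a vetted crypto library and a secretly generated key.

```python
import hashlib
import hmac

# DER DigestInfo header for SHA-256 (RFC 8017, EMSA-PKCS1-v1_5).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed demo key built from two public Mersenne primes. NOT secure:
# it only lets the example run offline. A real vendor key is generated secretly.
_P, _Q, E = 2**521 - 1, 2**607 - 1, 65537
N = _P * _Q
K = (N.bit_length() + 7) // 8  # modulus length in bytes

def _encode(payload: bytes) -> bytes:
    """Build the padded message the signer must have produced for payload."""
    t = SHA256_DIGESTINFO + hashlib.sha256(payload).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def demo_sign(payload: bytes) -> bytes:
    """Vendor side (hypothetical): sign with the private exponent."""
    d = pow(E, -1, (_P - 1) * (_Q - 1))
    return pow(int.from_bytes(_encode(payload), "big"), d, N).to_bytes(K, "big")

def verify_update(payload: bytes, signature: bytes) -> bool:
    """Client side: accept payload only if signature matches the pinned key."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")
    # Compare against a freshly built encoding instead of parsing the padding.
    return hmac.compare_digest(recovered, _encode(payload))

def install_if_trusted(payload: bytes, signature: bytes, run) -> bool:
    """Gate execution on verification; run() is a stand-in for the installer."""
    if not verify_update(payload, signature):
        return False
    run(payload)
    return True

if __name__ == "__main__":
    update = b"constructed firmware update image v2"
    sig = demo_sign(update)
    print(install_if_trusted(update, sig, lambda p: None))         # genuine payload
    print(install_if_trusted(update + b"!", sig, lambda p: None))  # altered in transit
```

Because the public key is pinned in the client, a payload swapped by a spoofed server fails the check even when the transport itself is not protected.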

What are the risks and consequences?

The backdoor could allow hackers to gain persistent access to your system and install malware that could spy on your activities, steal your data, encrypt your files, or damage your hardware. The malware could also survive reboots and reinstallations of Windows since it resides in the firmware. The backdoor could also affect other devices on your network, such as NAS devices, that the program tries to connect to for updates.

How can you protect yourself?

Eclypsium has published a list of affected motherboard models. You can use a tool like Speccy or Terminal to find out your motherboard model and revision. If your motherboard is on the list, you should take the following steps:

Check for firmware updates manually from Gigabyte’s official website and use their BIOS flash tool to apply them. Make sure you download the correct version for your motherboard model and revision.

Scan your system for malware using a reputable antivirus program.

Gigabyte has released new firmware versions that mitigate the backdoor issue for some of the affected models. You should update your firmware as soon as possible if your model is among them.

More about this on the Eclypsium website: Supply Chain Risk from Gigabyte App Center Backdoor
