
Backdoor Discovered in Hundreds of Gigabyte Motherboard Models Allowing Unseen Malware Download, Warns Security Company Eclypsium

Researchers at security company Eclypsium have discovered a backdoor in hundreds of Gigabyte motherboard models. This allows malicious parties to download malware largely unseen. The problem has not yet been solved, the researchers say.

The researchers found that the motherboard's UEFI firmware drops a Windows binary on the PC and then executes it during operating system startup. That .NET file downloads and then executes another payload that comes from the Gigabyte servers. This is done to keep the firmware up to date, but according to the researchers it is done in an unsafe manner.

This is because the payload is downloaded via an insecure HTTP connection or an incorrectly configured HTTPS connection. The file is also not validated at all before it is downloaded. This makes it relatively easy for malicious parties to carry out a man-in-the-middle attack and infect victims' computers with malware almost invisibly, says the Eclypsium research team.
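The three weaknesses described above (plain HTTP, HTTPS without proper certificate checks, no validation of the file) map onto three checks an updater can make before running anything. The following is an added example, not code from Eclypsium or Gigabyte; the function names, the URLs under `example.invalid` and the sample payload are constructed, and the pinned SHA-256 digest is assumed to come from a signed manifest obtained separately.

```python
import hashlib
import hmac
import ssl
from urllib.parse import urlsplit

# Constructed sample data: a stand-in payload and the digest a signed
# manifest would carry for it (assumption: the manifest is verified elsewhere).
PAYLOAD = b"constructed update payload v1"
PINNED_SHA256 = hashlib.sha256(PAYLOAD).hexdigest()


def strict_context() -> ssl.SSLContext:
    """Default context: certificate chain and hostname are both verified."""
    return ssl.create_default_context()


def lax_context() -> ssl.SSLContext:
    """The 'incorrectly configured HTTPS' case: verification switched off."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def tls_context_is_strict(ctx: ssl.SSLContext) -> bool:
    """True only if the context verifies the certificate chain and hostname."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


def vet_update(url: str, ctx: ssl.SSLContext, payload: bytes,
               pinned_sha256: str) -> list[str]:
    """Return the reasons to refuse the payload; an empty list means accept."""
    problems = []
    if urlsplit(url).scheme.lower() != "https":
        problems.append("transport is not HTTPS")
    if not tls_context_is_strict(ctx):
        problems.append("TLS certificate or hostname checks are disabled")
    digest = hashlib.sha256(payload).hexdigest()
    # Constant-time comparison of the computed and pinned hex digests.
    if not hmac.compare_digest(digest, pinned_sha256.lower()):
        problems.append("payload digest does not match the pinned value")
    return problems


if __name__ == "__main__":
    swapped = b"payload replaced in transit"  # constructed tampered payload
    print(vet_update("https://updates.example.invalid/t.bin",
                     strict_context(), PAYLOAD, PINNED_SHA256))
    print(vet_update("http://updates.example.invalid/t.bin",
                     lax_context(), swapped, PINNED_SHA256))
```

The digest check is the one that still holds if the transport checks fail, which is why the payload has to be validated before it is executed regardless of how it was fetched.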

The backdoor does not seem to have been abused yet, although the researchers warn that this is still possible. The vulnerability has not yet been closed, but the security company says it is in talks with Gigabyte. According to the blog post, the latter plans to fix the problem quickly.

Eclypsium reports 271 motherboard models using this backdoor, so there may be millions of motherboards with this vulnerability. The company has listed all motherboards with this backdoor in a single PDF overview. Users who own such a motherboard are advised to temporarily disable the APP Center Download & Install function in the motherboard's UEFI/BIOS settings and to set a BIOS password so that the function cannot be automatically re-enabled.

2023-05-31 18:19:00