Researchers at security firm Eclypsium have discovered a backdoor on hundreds of models of Gigabyte motherboards. This allows malicious parties to download malware that is largely invisible. Researchers say the problem has not yet been solved.
The researchers found that the motherboard’s UEFI firmware unlocks the Windows binary on the PC and then executes it during the operating system startup. This .NET file then downloads and executes another payload that comes from Gigabyte’s servers. This is done to update the firmware, but according to the researchers it happens in an insecure way.
This is because the payload is downloaded over the insecure HTTP protocol or over an improperly configured HTTPS connection. The file is not validated at all before it is downloaded. This makes it relatively easy for malicious parties to carry out a man-in-the-middle attack and infect victims’ computers with malware in this way, says the Eclypsium research team.
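The checks missing from the update flow described above, as an added Python example (not Gigabyte's or Eclypsium's code). It makes no network connection: the URL, the payloads and the pinned digest are constructed sample values, and it assumes the vendor publishes the expected SHA-256 out of band.

```python
import hashlib
import hmac
import ssl
from urllib.parse import urlsplit

# Constructed sample data: a stand-in update payload and the digest a vendor
# would publish out of band (assumption: e.g. inside a signed manifest).
GENUINE = b"constructed-update-payload-v2"
TAMPERED = b"constructed-payload-swapped-in-transit"
PINNED_SHA256 = hashlib.sha256(GENUINE).hexdigest()
URL = "https://updates.example.invalid/fw.bin"  # placeholder host


class UpdateRejected(Exception):
    """A downloaded update failed a transport or integrity check."""


def lax_context() -> ssl.SSLContext:
    """An improperly configured HTTPS client: certificate checks switched off."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # must be disabled before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def validate_update(url: str, ctx: ssl.SSLContext, payload: bytes, pinned: str) -> bytes:
    """Return the payload only if transport settings and content both check out."""
    if urlsplit(url).scheme != "https":
        raise UpdateRejected("update URL is not HTTPS")
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        raise UpdateRejected("TLS context does not verify the server certificate")
    digest = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(digest, pinned.lower()):
        raise UpdateRejected("payload digest does not match the pinned value")
    return payload


def outcome(url: str, ctx: ssl.SSLContext, payload: bytes) -> str:
    """Run one simulated download through the checks and report the result."""
    try:
        validate_update(url, ctx, payload, PINNED_SHA256)
        return "accepted"
    except UpdateRejected as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    strict = ssl.create_default_context()
    print(outcome(URL, strict, GENUINE))
    print(outcome(URL.replace("https", "http", 1), strict, GENUINE))
    print(outcome(URL, lax_context(), GENUINE))
    print(outcome(URL, strict, TAMPERED))
```

Only the first of the four simulated downloads is accepted; a plain HTTP URL, a TLS context with verification disabled, and a payload altered in transit are each rejected before anything would be executed.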
The backdoor does not appear to have been abused yet, although the researchers warn that this is still possible. The vulnerability has not yet been closed, but the security company says it is in talks with Gigabyte. According to the blog post, the latter plans to fix the issue quickly.
Eclypsium reports 271 motherboard models using this backdoor. So there may be millions of motherboards with this vulnerability. The company has listed all motherboards with this backdoor in a single PDF overview. Users who own one of these motherboards are advised to temporarily disable the APP Center Download & Install function in the motherboard’s UEFI BIOS and to set a BIOS password so that the function cannot be re-enabled automatically.