Gigabyte is one of the most popular makers of PC motherboards, especially for hardcore gamers. However, many of those motherboards have a previously undiscovered firmware backdoor. That design could allow hackers to send malicious software through the backdoor and onto the PCs of those Gigabyte board owners.
The backdoor was revealed earlier this week by cybersecurity firm Eclypsium (via Wired). In its blog post, the firm claims that it has seen evidence of backdoor activity on Gigabyte motherboards. While the feature behind it was designed so that Gigabyte could quickly update the firmware of its motherboards, Eclypsium says the company didn't do enough to secure it.
John Loucaides of Eclypsium spoke to Wired about this situation:
If you have one of these machines, you have to worry about the fact that it’s basically grabbing something from the internet and running it without you being involved, and hasn’t done any of this securely.
If you have a Gigabyte motherboard inside your PC and want to find out if it has this previously hidden firmware backdoor, you can check out the list on Eclypsium's site. There are quite a lot of them, as it turns out. The firm has identified 271 Gigabyte motherboard models that have this security flaw. That means there could be millions of motherboards that have this issue.
Eclypsium says it has disclosed its finding to Gigabyte and is working with the company on a solution for this firmware backdoor. As of this writing, Gigabyte has not issued a public statement about this motherboard flaw.
If your PC does have one of the motherboards on Eclypsium's list, you can take a step to prevent its firmware from being hijacked, according to Eclypsium:
Inspect and disable the “APP Center Download & Install” feature in UEFI/BIOS Setup on Gigabyte systems and set a BIOS password to deter malicious changes.
If your business or organization uses PCs with affected Gigabyte motherboards, Eclypsium says your IT administrator can also block the following URLs:
- http://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4
- https://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4
- https://software-nas/Swhttp/LiveUpdate4
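As a companion to blocking, an administrator can check proxy logs for machines that have already contacted these URLs. The following is an added example, not code from Eclypsium or Gigabyte; the log format, client addresses, file name and the `.corp.example` suffix are constructed for illustration.

```python
from urllib.parse import urlsplit

# The three URLs listed above, as (scheme, host, lower-cased path prefix).
BLOCKED = [
    ("http", "mb.download.gigabyte.com", "/filelist/swhttp/liveupdate4"),
    ("https", "mb.download.gigabyte.com", "/filelist/swhttp/liveupdate4"),
    ("https", "software-nas", "/swhttp/liveupdate4"),
]

def host_matches(host, listed):
    host = host.lower().rstrip(".")
    # Assumption: a single-label name may carry a DNS search suffix, so compare its first label.
    return host == listed or ("." not in listed and host.split(".")[0] == listed)

def is_blocked(url):
    """True if url is one of the listed URLs or lies beneath one of them."""
    parts = urlsplit(url.strip())
    path = parts.path.lower().rstrip("/")  # case-insensitive so odd casing is not missed
    for scheme, host, prefix in BLOCKED:
        if parts.scheme == scheme and host_matches(parts.hostname or "", host):
            # Match on a segment boundary: /LiveUpdate4/x yes, /LiveUpdate44 no.
            if path == prefix or path.startswith(prefix + "/"):
                return True
    return False

def flag_hits(log_text):
    """Return (client, target, kind) for each log line that touches a listed URL."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip blank or malformed lines
        _, client, method, target, _ = fields[:5]
        if method == "CONNECT":
            # HTTPS tunnel without TLS inspection: only host:port is visible.
            host = target.rsplit(":", 1)[0]
            if any(s == "https" and host_matches(host, h) for s, h, _ in BLOCKED):
                hits.append((client, target, "host-only"))
        elif is_blocked(target):
            hits.append((client, target, "url"))
    return hits

# Constructed sample lines: timestamp, client, method, target, status.
SAMPLE_LOG = """\
2024-01-01T09:00:01Z 10.0.4.21 GET http://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4/constructed-file 200
2024-01-01T09:00:02Z 10.0.4.21 GET http://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate44 404
2024-01-01T09:00:03Z 10.0.4.22 CONNECT software-nas.corp.example:443 200
2024-01-01T09:00:04Z 10.0.4.24 CONNECT mb.download.gigabyte.com:443 200
"""
```

A "host-only" hit means the proxy saw just the tunnel destination, so it shows contact with the host but not which path was requested.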
Even if the company does provide a software fix to secure this backdoor, it's possible that many PCs with Gigabyte boards will not accept the firmware update. If that turns out to be the case, PCs with these motherboards could remain open to cyberattacks.