Updated News Around the World

Gigabyte shipped millions of motherboards with a dangerous firmware backdoor

According to cybersecurity experts from Eclypsium, computer hardware manufacturer Gigabyte installed a backdoor in the firmware of its motherboards, putting 271 motherboard models at risk of being hacked. The lengthy list of affected models features nearly every motherboard Gigabyte has put out in recent years, including the latest Z790 and X670 units.

As Eclypsium’s blog explains, Gigabyte embedded a Windows executable into the firmware of its motherboards that runs when the computer boots up. In other words, every time you reboot your computer, code in the motherboard’s firmware initiates Gigabyte’s app center, which downloads and runs an executable payload from the internet.

“The firmware does not implement any cryptographic digital signature verification or any other validation over the executables,” Eclypsium warns. “The dropped executable and the normally-downloaded Gigabyte tools do have a Gigabyte cryptographic signature that satisfies the code signing requirements of Microsoft Windows, but this does little to offset malicious use […] As a result, any threat actor can use this to persistently infect vulnerable systems either via MITM (machine-in-the-middle attacks) or compromised infrastructure.”

If you aren’t sure which motherboard your PC has, you can check by going to Start > Windows Tools > System Information. Look for “BaseBoard Manufacturer” and “BaseBoard Product.” If the product you see is on the list, you might want to take action.

Here are a few recommendations from Eclypsium to minimize risk:

  • Scan and monitor systems and firmware updates in order to detect affected Gigabyte systems and the backdoor-like tools embedded in firmware. Update systems to the latest validated firmware and software in order to address security issues like this one.
  • Inspect and disable the “APP Center Download & Install” feature in UEFI/BIOS Setup on Gigabyte systems and set a BIOS password to deter malicious changes.
  • Administrators can also block the following URLs:

Eclypsium is currently working with Gigabyte to address this backdoor implementation.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! NewsUpdate is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.