Category: IT|Jun 1, 2023 | Author: Admin
If you do not deactivate Gigabyte's function, you may be at risk of hackers
Share onThe security company Eclypsium has revealed that Gigabyte motherboards have a backdoor that few users know about.
We make it clear that we are working to correct the security problem.
Almost 300 cards on the list
The reason must be that the company wants to be able to quickly update the motherboard firmware, but according to John Loucaides from Eclypsium, the manufacturer has not done enough to secure access. The security company has a long list of affected motherboards (271) – the list includes B, H, Z, and X series motherboards from the major manufacturer.
To Wired, Loucaides states that "if you have one of these machines, you have to worry about the fact that it basically fetches something from the web and runs it without you being involved and that this is not done in a secure way," explains the security expert and adds that "the concept of going around the end user and taking over their machine is something most people don't like very much."
“Transfer not secure”
It was during a general check of BIOS security that the researchers came across the discovery. It is actually the case that Gigabyte transfers an executable file to Windows machines, which runs when the OS starts.
Then the small program (%SystemRoot%\system32\GigabyteUpdateService.exe) downloads and runs the code from Gigabyte to update the motherboards. It is in the download section that Eclypsium believes that security is not present.
Depending on your setup, the program downloads updates from mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4, mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4 or software-nas/Swhttp/LiveUpdate4.
We noticed that even when using the HTTPS-enabled options, remote server certificate validation is not implemented correctly. Therefore, “Machine-in-the-middle” attacks are also possible in this case.
The "APP Center Download & Install" function in BIOS/UEFI must be active for such installations to take place. The strange thing is that the feature "appears to be disabled by default, but it was enabled on the systems we examined."
If you have one of the cards on the list, you may want to disable the APP download function if it is switched on and you prefer to be in control yourself.
Sponsored Ads:
Comments:
Microsoft fixes Linux boot issues on dual-boot Windows systems
Category: Microsoft|May 14, 2025 | Author: Admin
Windows 11 upgrade block lifted after Safe Exam Browser fix
Category: Microsoft|May 13, 2025 | Author: Admin
Bluetooth 6.1 enhances privacy with randomized RPA timing
Category: IT|May 12, 2025 | Author: Admin
ChatGPT is finally adding Download as PDF for Deep Research
Category: IT|May 11, 2025 | Author: Admin
Microsoft Teams will soon block screen capture during meetings
Category: Microsoft|May 10, 2025 | Author: Admin
Germany takes down eXch cryptocurrency exchange, seizes servers
Category: IT|May 9, 2025 | Author: Admin
Malicious PyPi package hides RAT malware, targets Discord devs since 2022
Category: IT|May 8, 2025 | Author: Admin
Hackers exploit OttoKit WordPress plugin flaw to add admin accounts
Category: IT|May 7, 2025 | Author: Admin
Apache Parquet exploit tool detect servers vulnerable to critical flaw
Category: IT|May 6, 2025 | Author: Admin
Co-op confirms data theft after DragonForce ransomware claims attack
Category: IT|May 5, 2025 | Author: Admin
Magento supply chain attack compromises hundreds of e-stores
Category: IT|May 4, 2025 | Author: Admin
Microsoft ends Authenticator password autofill, moves users to Edge
Category: Microsoft|May 3, 2025 | Author: Admin
TikTok fined €530 million for sending European user data to China
Category: IT|May 2, 2025 | Author: Admin
1. mai – En dag for solidaritet, samhold og kamp for rettferdighet
Category: Norge|May 1, 2025 | Author: Admin