Category: IT|Jun 1, 2023 | Author: Admin

If you do not deactivate Gigabyte's function, you may be at risk of hackers


The security company Eclypsium has revealed that Gigabyte motherboards have a backdoor that few users know about.


We make it clear that we are working to correct the security problem.

 

Almost 300 motherboards on the list


The reason is presumably that the company wants to be able to update the motherboard firmware quickly, but according to John Loucaides of Eclypsium, the manufacturer has not done enough to secure access. The security company has a long list of affected motherboards (271), which includes B, H, Z, and X series motherboards from the major manufacturer.

 

Loucaides told Wired that "if you have one of these machines, you have to worry about the fact that it basically fetches something from the web and runs it without you being involved and that this is not done in a secure way," adding that "the concept of going around the end user and taking over their machine is something most people don't like very much."

 

“Transfer not secure”


The researchers made the discovery during a general check of BIOS security. Gigabyte transfers an executable file to Windows machines, and that file runs when the OS starts.

 

The small program (%SystemRoot%\system32\GigabyteUpdateService.exe) then downloads and runs code from Gigabyte to update the motherboards. It is this download step that Eclypsium considers insecure.

 

Depending on your setup, the program downloads updates from mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4, mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4 or software-nas/Swhttp/LiveUpdate4.

 

We noticed that even when using the HTTPS-enabled options, remote server certificate validation is not implemented correctly. Therefore, “Machine-in-the-middle” attacks are also possible in this case.

 

The "APP Center Download & Install" function in BIOS/UEFI must be active for such installations to take place. The strange thing is that the feature "appears to be disabled by default, but it was enabled on the systems we examined."

 

If you have one of the motherboards on the list, you may want to disable the APP download function if it is switched on and you prefer to stay in control yourself.
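To find machines on a network where the updater is active, web-proxy logs can be searched for the update locations named above. The following Python script is an added example, not code from the article or from Eclypsium; the log format, the sample lines, the URL schemes in them and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Update locations named in the article.
UPDATE_HOSTS = {"mb.download.gigabyte.com", "software-nas"}
UPDATE_PATH = "/swhttp/liveupdate4"

# Constructed sample; assumed format: "<time> <client> <method> <target> <status>"
SAMPLE_LOG = """\
2023-06-01T08:00:02Z 10.0.0.21 GET http://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4 200
2023-06-01T08:00:05Z 10.0.0.22 CONNECT mb.download.gigabyte.com:443 200
2023-06-01T08:00:09Z 10.0.0.23 GET https://software-nas/Swhttp/LiveUpdate4 200
2023-06-01T08:01:00Z 10.0.0.21 GET https://www.example.org/index.html 200
malformed line
"""

def find_updater_traffic(log_text):
    """Return (client, host, transport) for each request to an update location."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines instead of failing
        _, client, method, target, _ = fields
        if method.upper() == "CONNECT":
            # TLS tunnel: the proxy sees only host:port, never the path
            host, path, scheme = target.rsplit(":", 1)[0], None, "https"
        else:
            parts = urlsplit(target)
            host, path, scheme = parts.hostname or "", parts.path, parts.scheme
        if host.lower() not in UPDATE_HOSTS:
            continue
        if path is not None and UPDATE_PATH not in path.lower():
            continue  # same host, but not the update path
        transport = "cleartext" if scheme == "http" else "tls"
        hits.append((client, host.lower(), transport))
    return hits

def prioritise(hits):
    """Clients seen fetching updates, those using cleartext listed first."""
    worst = {}
    for client, _, transport in hits:
        if worst.get(client) != "cleartext":
            worst[client] = transport
    return sorted(worst.items(), key=lambda kv: (kv[1] != "cleartext", kv[0]))

if __name__ == "__main__":
    for client, transport in prioritise(find_updater_traffic(SAMPLE_LOG)):
        print(f"{client}: updater traffic seen ({transport})")
```

Clients reported with "tls" still warrant review, since the article notes that certificate validation is not implemented correctly on the HTTPS options either.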
