Category: IT|Jun 1, 2023 | Author: Admin

If you do not deactivate this Gigabyte function, you may be at risk from hackers


The security company Eclypsium has revealed that Gigabyte motherboards have a backdoor that few users know about.

We make it clear that we are working to correct the security problem.

 

Almost 300 motherboards on the list


The reason is presumably that the company wants to be able to update the motherboard firmware quickly, but according to John Loucaides of Eclypsium, the manufacturer has not done enough to secure access. The security company has a long list of affected motherboards (271); it includes B, H, Z, and X series motherboards from the major manufacturer.

 

To Wired, Loucaides states that "if you have one of these machines, you have to worry about the fact that it basically fetches something from the web and runs it without you being involved and that this is not done in a secure way," explains the security expert and adds that "the concept of going around the end user and taking over their machine is something most people don't like very much."

 

“Transfer not secure”


The researchers made the discovery during a general check of BIOS security. Gigabyte in fact transfers an executable file to Windows machines, and that file runs when the OS starts.

 

The small program (%SystemRoot%\system32\GigabyteUpdateService.exe) then downloads and runs code from Gigabyte to update the motherboards. It is in the download step that Eclypsium believes security is lacking.

 

Depending on your setup, the program downloads updates from mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4, mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4 or software-nas/Swhttp/LiveUpdate4.

 

We noticed that even when using the HTTPS-enabled options, remote server certificate validation is not implemented correctly. Therefore, “Machine-in-the-middle” attacks are also possible in this case.

 

The "APP Center Download & Install" function in BIOS/UEFI must be active for such installations to take place. The strange thing is that the feature "appears to be disabled by default, but it was enabled on the systems we examined."

 

If you have one of the motherboards on the list, you may want to disable the APP download function if it is switched on and you prefer to be in control yourself.
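
As an added example (not code from Eclypsium or Gigabyte), the following Python script shows how an administrator could search web-proxy logs for machines that contact the update locations named above, and mark which requests travelled in cleartext. The log format, client addresses, URL schemes and the file name `list.xml` are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Update locations named in the article (host -> path prefix).
UPDATE_LOCATIONS = {
    "mb.download.gigabyte.com": "/FileList/Swhttp/LiveUpdate4",
    "software-nas": "/Swhttp/LiveUpdate4",
}

# Constructed sample proxy log: "<timestamp> <client> <method> <target>".
SAMPLE_LOG = """\
2023-06-01T08:00:01Z 10.0.0.21 GET http://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4/list.xml
2023-06-01T08:00:05Z 10.0.0.22 CONNECT mb.download.gigabyte.com:443
2023-06-01T08:00:09Z 10.0.0.23 GET http://software-nas/Swhttp/LiveUpdate4/list.xml
2023-06-01T08:00:15Z 10.0.0.21 GET http://mb.download.gigabyte.com/support/faq
malformed line
"""


def classify(line):
    """Return (client, host, transport) for an updater request, else None."""
    parts = line.split()
    if len(parts) != 4:
        return None  # skip lines that do not fit the assumed format
    _ts, client, method, target = parts
    if method.upper() == "CONNECT":
        # TLS tunnel: the proxy sees only host:port, never the path.
        host = target.rsplit(":", 1)[0].lower()
        return (client, host, "tls-tunnel") if host in UPDATE_LOCATIONS else None
    url = urlsplit(target)
    host = (url.hostname or "").lower()
    prefix = UPDATE_LOCATIONS.get(host)
    if prefix is None or not (url.path == prefix or url.path.startswith(prefix + "/")):
        return None  # other host, or same host but not the update path
    return (client, host, "cleartext" if url.scheme == "http" else "tls")


def find_updater_clients(log_text):
    """Map each client to the sorted (host, transport) pairs it produced."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            hits[hit[0]].add(hit[1:])
    return {client: sorted(pairs) for client, pairs in hits.items()}


if __name__ == "__main__":
    print(find_updater_clients(SAMPLE_LOG))
```

Clients reported here are candidates for checking the "APP Center Download & Install" setting in BIOS/UEFI; a `tls-tunnel` hit identifies the host only, since the path is not visible without TLS inspection.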
