271 Models of Gigabyte Motherboards Have Backdoor In BIOS

Back to Giveaway of the Day

Giveaway of the Day Forums » Technical notes

271 Models of Gigabyte Motherboards Have Backdoor In BIOS

(2 posts) (1 voice)

Started 1 year ago by mikiem2
Latest reply from mikiem2

mikiem2
Moderator

wired[.]com/story/gigabyte-motherboard-firmware-backdoor/

eclypsium[.]com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/

Lots of software can go online & self update, so apparently Gigabyte engineers thought that would be a good thing to add to the BIOS on their motherboards, an automatic utility to check for and apply BIOS updates. That's a Bad idea in general, Worse coming from Gigabyte -- out of 18 BIOS [firmware] updates released for this PC, 6 have worked, more or less, with only 3 ranked good. And to make this situation even worse, according to Eclypsium, a security company focusing on infrastructure code, everything about this auto-update feature is insecure. Gigabyte has already responded and is working to patch things up, but you can bet that since this was reported, hackers are working furiously to craft bootkit exploits. If you have one of the motherboard models listed here: eclypsium[.]com/wp-content/uploads/Gigabyte-Affected-Models.pdf by all means make sure the feature's off in the BIOS settings, then keep an eye on the Gigabyte support page for your motherboard and update the BIOS as soon as something new is available. Note: jot down the current BIOS settings before updating so you can make sure those settings are correct afterwards, back up the current BIOS, because as I mentioned very many Gigabyte BIOS updates are trash, and finally, keep a close eye on things so you can spot any problems resulting from the BIOS update.

Posted 1 year ago #
mikiem2
Moderator

bleepingcomputer[.]com/news/security/gigabyte-releases-new-firmware-to-fix-recently-disclosed-security-flaws/

GIGABYTE has released firmware updates to fix security vulnerabilities in over 270 motherboards that could be exploited to install malware.

The firmware updates were released last Thursday in response to a report by hardware security company Eclypsium, who found flaws in a legitimate GIGABYTE feature used to install a software auto-update application in Windows.

Windows includes a feature called Windows Platform Binary Table (WPBT) that allows firmware developers to automatically extract an executable from the firmware image and execute it in the operating system.

"The WPBT allows vendors and OEMs to run an .exe program in the UEFI layer. Every time Windows boots, it looks at the UEFI, and runs the .exe. It's used to run programs that aren't included with the Windows media," explains Microsoft.

GIGABYTE motherboards use the WPBT feature to automatically install an auto-update application to '%SystemRoot%\system32\GigabyteUpdateService.exe' on new installations of Windows.

While enabled by default, this feature can be disabled in the BIOS settings under the Peripherals tab > APP Center Download & Install Configuration configuration option.

While the risks from these vulnerabilities is likely low, all GIGABYTE motherboard users are advised to install the latest firmware updates to benefit from the security fixes.

Furthermore, if you wish to remove the GIGABYTE auto-update application, you should first turn off the 'APP Center Download & Install Configuration' setting in the BIOS and then uninstall the software in Windows.

Posted 1 year ago #

RSS feed for this topic

Reply

You must log in to post.