Well-known cybersecurity company Eclypsium has discovered a major security hole in motherboards manufactured by Taiwanese computer hardware manufacturer Gigabyte Technology.
According to SlashGear, Eclypsium revealed in a blog post detailing the issue that the vulnerability lies in the firmware of Gigabyte motherboards. Although there have been no recorded cases of someone exploiting this vulnerability to cause intentional damage, the fact that it affects the motherboard's auto-update function is real cause for concern. Eclypsium describes the vulnerability as a backdoor that went undetected for many years on some Gigabyte motherboards.
The problem lies in shortcomings of Gigabyte's update program, an important feature of its motherboards. It is triggered when the motherboard tries to connect to Gigabyte's servers to find a new software version; the update program contacts three different websites for the updated version of the firmware. One of these websites does not have an SSL certificate and is completely unsecured, the researchers said. For the other two, despite the servers having valid security certificates, Gigabyte is said to have failed to correctly validate the remote server's certificate.
The irony here is that firmware updates are usually the means of fixing vulnerabilities and security threats. In this case, however, the way the company rolls out firmware updates exposes millions of users to serious security threats. In fact, Eclypsium said the updater executed code without proper user authentication.
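As an added illustration, not code from the article or from Gigabyte or Eclypsium, the following Go sketch shows the three defensive properties the findings above imply an updater needs: refuse plain-HTTP sources, validate the server certificate instead of skipping it, and verify a signature on the downloaded image before anything is installed. The endpoints and the vendor key pair are constructed placeholders.

```go
package main

import (
	"crypto/ed25519"
	"crypto/tls"
	"fmt"
	"net/http"
	"net/url"
)

// checkEndpoint refuses any update source that is not served over HTTPS
// (the first finding: one of the three update servers used plain HTTP).
func checkEndpoint(raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	if u.Scheme != "https" {
		return fmt.Errorf("refusing non-HTTPS update source %q", raw)
	}
	return nil
}

// newUpdateClient validates the server certificate against the system trust
// store; InsecureSkipVerify is deliberately left false (the second finding).
func newUpdateClient() *http.Client {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12, InsecureSkipVerify: false}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
}

// verifyFirmware checks a detached Ed25519 signature over the downloaded
// image before it is written to flash or executed (the third finding).
func verifyFirmware(pub ed25519.PublicKey, image, sig []byte) error {
	if !ed25519.Verify(pub, image, sig) {
		return fmt.Errorf("firmware signature invalid: refusing to install")
	}
	return nil
}

func main() {
	// Placeholder endpoints and a throwaway vendor key, constructed for the demo.
	for _, ep := range []string{"http://updates.example.invalid/fw.bin", "https://updates.example.invalid/fw.bin"} {
		fmt.Println(ep, "->", checkEndpoint(ep))
	}
	pub, priv, _ := ed25519.GenerateKey(nil)
	image := []byte("constructed firmware image")
	sig := ed25519.Sign(priv, image)
	fmt.Println("signed image:", verifyFirmware(pub, image, sig))
	image[0] ^= 1 // simulate tampering in transit
	fmt.Println("tampered image:", verifyFirmware(pub, image, sig))
}
```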
As for the motherboards affected by the vulnerability, Eclypsium identified 257 models manufactured and sold by Gigabyte to consumers over the past few years. The affected products include Gigabyte's latest Z790 and X670 models, alongside a long list of boards from AMD's 400 series.
Because the vulnerability sits at the BIOS level, it can be difficult for the average user to avoid the threat. However, Eclypsium has shared some tips explaining how users can stay safe from any potential problems caused by this vulnerability. For starters, the company recommends that users disable the feature called "APP Center Download & Install" in the motherboard's BIOS and set a password on it. That prevents the BIOS from performing an automatic firmware update check without user intervention.
Gigabyte has acknowledged the problem through a press release. In fact, the company has also started rolling out beta versions of the BIOS to patch the bug. Gigabyte's latest Intel 700/600 series and AMD 500/400 series boards are the first motherboards to receive the updated firmware. Additionally, Gigabyte said that a BIOS update for its Intel 500/400 and AMD 600 series motherboards is scheduled for release.