
All new Gigabyte mainboards have a back door – an attacker can use this to replace the BIOS

Research firm Eclypsium has discovered a serious vulnerability in the Gigabyte UEFI firmware installed on hundreds of motherboard models. The backdoor allows BIOS updates to be installed from insecure web servers. Gigabyte used this code to install BIOS updates either over the Internet or from attached storage on the local network. However, the tool is unprotected, and a knowledgeable attacker can upload their own BIOS code to the PC motherboard.


The issue lies in the Gigabyte App Center utility executable, which can install new UEFI BIOS firmware by downloading it from an insecure Gigabyte server and installing the software without digital signature verification.

This vulnerability could allow attackers to use an OEM backdoor to download malicious code such as rootkits, either directly to a user's computer or by compromising Gigabyte's own server. Man-in-the-middle attacks that intercept the boot process are also possible. Eclypsium has released three Gigabyte URLs that users are advised to block to prevent online updates.
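The two checks the updater is described as skipping, an encrypted transport and a signature check on the downloaded payload, look like this on Windows. This is an added example, not code from Gigabyte or Eclypsium; the function names, the update URL and the certificate thumbprint are hypothetical placeholders, and the thumbprint is assumed to have been obtained out of band.

```powershell
# Added example: hypothetical helper functions, not vendor code.

function Test-UpdatePayload {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: thumbprint of the vendor's code-signing certificate,
        # pinned in advance rather than learned from the download itself.
        [Parameter(Mandatory)] [string] $ExpectedThumbprint
    )
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # Anything other than Valid (NotSigned, HashMismatch, NotTrusted, ...) is rejected.
    if ($sig.Status -ne 'Valid') { return $false }
    # A valid signature from an unexpected signer is rejected as well.
    return ($sig.SignerCertificate.Thumbprint -eq $ExpectedThumbprint)
}

function Get-VerifiedUpdate {
    param(
        [Parameter(Mandatory)] [uri] $Url,
        [Parameter(Mandatory)] [string] $ExpectedThumbprint
    )
    # Plain HTTP lets anyone on the network path swap the payload.
    if ($Url.Scheme -ne 'https') {
        throw "Refusing non-HTTPS update source: $Url"
    }
    $tmp = Join-Path ([IO.Path]::GetTempPath()) ([IO.Path]::GetRandomFileName() + '.exe')
    try {
        Invoke-WebRequest -Uri $Url -OutFile $tmp -UseBasicParsing
        if (-not (Test-UpdatePayload -Path $tmp -ExpectedThumbprint $ExpectedThumbprint)) {
            throw "Signature check failed for payload from $Url"
        }
        return $tmp   # caller may run the file only after this point
    }
    catch {
        # Never leave an unverified executable on disk.
        Remove-Item -LiteralPath $tmp -ErrorAction SilentlyContinue
        throw
    }
}

# Usage with placeholder values (constructed, not real endpoints or certificates):
# Get-VerifiedUpdate -Url 'https://updates.example.invalid/payload.exe' `
#                    -ExpectedThumbprint '<PINNED-CERT-THUMBPRINT>'
```

HTTPS alone does not cover the case of a compromised vendor server, which is why the signer check runs on the file itself after download.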

Hundreds of models are affected, both retail and corporate motherboards, including some of the latest motherboards for high-end system builders. The full list can be viewed here (PDF link). Eclypsium claims to have informed Gigabyte of the vulnerability and that the company plans to fix the problem, presumably with a firmware update, which causes some nervous laughter. Detailed technical information about the discovery of the vulnerability can be found on the Eclypsium company blog.

About the author

Dylan Harris

Dylan Harris is fascinated by tests and reviews of computer hardware.
