Gigabyte Motherboards Found to Have Backdoor Functionality, Posing Security Risks
Firmware and hardware security company Eclypsium has found that hundreds of motherboard models made by Gigabyte, the Taiwanese computer components giant, ship with firmware that contains backdoor-like functionality posing a real risk to organizations. The finding affects millions of devices worldwide.
Eclypsium's researchers noticed the behaviour because it resembled that of a firmware implant and tripped a detection in the company's platform. On investigation, the firmware on many Gigabyte systems was found to embed a Windows executable which the firmware causes to run during Windows startup. Once running, that executable downloads a further payload from Gigabyte's servers and executes it.
What makes the finding more alarming is how the payload is fetched: either over plain HTTP, or over HTTPS configured so that the remote server's certificate is not validated. Nor is the downloaded file's authenticity checked before it is run; there is no signature or hash verification. Either weakness on its own lets anyone on the network path substitute a file of their choosing, so the combination gives the update path essentially no protection against tampering.
There is currently no evidence that this functionality has been used for malicious purposes, but Eclypsium notes that it cannot be ruled out as a deliberately planted backdoor, whether through a malicious insider, a compromise of Gigabyte's infrastructure, or an insertion somewhere in the supply chain.
Even if the functionality turns out to be a legitimate (if poorly implemented) update mechanism, Eclypsium warns that threat actors can still abuse it. Capable attackers routinely repurpose tools of this kind: UEFI rootkits, for instance, have leveraged firmware vulnerabilities to keep Windows malware persistent on compromised systems, and firmware-resident components are hard to remove because reinstalling the operating system does not touch them.
Eclypsium further cautions that, because the connection between Gigabyte systems and the company's servers is not authenticated, an attacker positioned on the network path (a compromised router or rogue access point, for example) could mount a man-in-the-middle (MitM) attack, replace the legitimate payload with a malicious one, and have the affected system execute it.
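The two weaknesses described above, unauthenticated transport and an unverified payload, are easiest to see next to their fixes. The following is an added example written for this article, not Gigabyte's updater or Eclypsium's code; the host name, the payload bytes and the publisher key pair are all constructed for the demonstration (a real updater would compile the publisher's public key into the binary rather than generate one at startup). It shows the three checks a downloader of executable code needs: refuse non-TLS URLs and unexpected hosts, keep certificate validation on, and verify a signature over the file before running it, so that a MitM substitution of the kind described above fails closed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"time"
)

// CheckUpdateURL rejects the two transport choices that make a payload
// swappable on the wire: plain HTTP, and any host other than the one expected.
// allowedHost is supplied by the caller; the example uses a made-up name.
func CheckUpdateURL(raw string, allowedHost string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	if u.Scheme != "https" {
		return fmt.Errorf("refusing non-TLS scheme %q", u.Scheme)
	}
	if u.Hostname() != allowedHost {
		return fmt.Errorf("refusing unexpected host %q", u.Hostname())
	}
	return nil
}

// NewUpdateClient returns an HTTP client whose TLS configuration verifies the
// server certificate. insecure=true reproduces the "improperly configured
// HTTPS" failure mode: InsecureSkipVerify accepts whatever certificate a
// man-in-the-middle presents, so the TLS session authenticates nobody.
func NewUpdateClient(insecure bool) *http.Client {
	return &http.Client{
		Timeout: 30 * time.Second,
		Transport: &http.Transport{
			TLSClientConfig: &tls.Config{
				MinVersion:         tls.VersionTLS12,
				InsecureSkipVerify: insecure,
			},
		},
	}
}

// VerifyPayload checks a detached Ed25519 signature over the SHA-256 of the
// downloaded bytes against a pinned publisher key. Transport security alone
// cannot do this: a correct TLS session says nothing about who produced the
// file sitting on the server.
func VerifyPayload(pub ed25519.PublicKey, payload, sig []byte) error {
	if len(pub) != ed25519.PublicKeySize {
		return errors.New("bad public key length")
	}
	digest := sha256.Sum256(payload)
	if !ed25519.Verify(pub, digest[:], sig) {
		return errors.New("payload signature does not verify; refusing to execute")
	}
	return nil
}

// signPayload is the publisher side; it is here only so the example runs
// offline. In practice the private key never lives on the client.
func signPayload(priv ed25519.PrivateKey, payload []byte) []byte {
	digest := sha256.Sum256(payload)
	return ed25519.Sign(priv, digest[:])
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed stand-in for an update executable.
	payload := []byte("MZ constructed update executable bytes")
	sig := signPayload(priv, payload)
	fmt.Println("genuine payload:", VerifyPayload(pub, payload, sig))

	// What a MitM substitution looks like to the verifier: one flipped byte.
	tampered := append([]byte{}, payload...)
	tampered[0] ^= 0xff
	fmt.Println("tampered payload:", VerifyPayload(pub, tampered, sig))

	fmt.Println("http URL:", CheckUpdateURL("http://updates.example.invalid/update.exe", "updates.example.invalid"))
	fmt.Println("https URL:", CheckUpdateURL("https://updates.example.invalid/update.exe", "updates.example.invalid"))
	_ = NewUpdateClient(false) // the client an updater should actually use
}
```

The order of checks matters: URL policy and certificate validation stop a substitution on the wire, while the signature check is what catches a file replaced on the server itself or served by an attacker who defeated TLS some other way. None of the three is a substitute for the others.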
To show the scope of the issue, Eclypsium has published a list of more than 270 affected Gigabyte motherboard models, which puts the number of affected devices worldwide in the millions. The company is working with Gigabyte on a fix, which will most likely take the form of a firmware update.
Gigabyte products have been targeted before by threat actors deploying sophisticated UEFI rootkits, which underlines why firmware-level weaknesses need the same prompt attention as operating-system vulnerabilities.
Gigabyte users should watch for firmware updates from the vendor and install them as soon as they are released. Until an update is available, it is worth checking whether the firmware setup offers an option to turn the automatic download feature off, and treating a Windows executable that appears at boot and reaches out to the vendor's update servers as something to monitor rather than ignore. Firmware updates for affected boards should be prioritized, since the functionality cannot be removed from the operating system side.