A large number of GIGABYTE motherboards are reportedly affected by a vulnerability that could be seriously bad news.
That's according to cybersecurity outfit Eclypsium, whose detection system heuristically flagged backdoor-like behavior in PCs with GIGABYTE mobos in the wild.
Embarking on an investigation and subsequent analysis, Eclypsium pinned down the problem to GIGABYTE's firmware and a compact updater app therein (designed to ensure the firmware stays fully up to date).
The security firm has listed the motherboards which are susceptible to the reported threat, and they consist of both AMD and Intel models - 271 of them, to be precise, including the most recent platforms (Z790 and X670).
As Tom's Hardware, which spotted this, further clarifies, this could potentially affect similar utilities for updating firmware from other motherboard vendors, too. Some chatter on Twitter is already drawing comparisons between the evidence Eclypsium turned up for the GIGABYTE vulnerability and ASRock's software (obviously treat that with a sizeable degree of caution for the time being).
In GIGABYTE's case, the vulnerable updater program connects to the internet every time the PC boots, checking for new firmware (and offering to download it, if present).
The trouble is that the motherboard maker's implementation of that code is insecure, we're informed. An attacker can exploit the updater because it downloads code to the PC without properly validating it, leaving the process open to Machine-in-the-middle attacks.
There's another peril here, too, as the updater can also download firmware from a NAS on the local network, and a malicious party could potentially spoof that NAS.
Furthermore, there's no easy way to get rid of this updater - stuck in the firmware as it is - but there are countermeasures you can take to avoid being hit by this potential avenue of exploitation.
The main recommendation from Eclypsium is to disable GIGABYTE's 'App Center Download & Install' feature in the motherboard's firmware (this is what fires up the updater). The security company further advises setting up a BIOS password.
The other alternative is to cut off the updater at the other end and block the sites that the program connects to. Those are as follows: