Own a GIGABYTE motherboard? It might be affected by a nasty vulnerability

Some 270 GIGABYTE motherboards (on AMD and Intel platforms) are apparently affected - and it's worth checking if yours is one of them.


A large number of GIGABYTE motherboards are reportedly affected by a vulnerability that could be seriously bad news.

That's according to cybersecurity outfit Eclypsium, which runs a system that heuristically picked up backdoor-like behavior in PCs with GIGABYTE mobos in the wild.

Embarking on an investigation and subsequent analysis, Eclypsium pinned down the problem to GIGABYTE's firmware and a compact updater app therein (designed to ensure the firmware stays fully up to date).

The security firm has listed the motherboards which are susceptible to the reported threat, and they consist of both AMD and Intel models - 271 of them, to be precise, including the most recent platforms (Z790 and X670).

As Tom's Hardware, which spotted this, further clarifies, this could potentially affect similar utilities for updating firmware from other motherboard vendors, too. Some chatter on Twitter is already drawing comparisons between the evidence Eclypsium turned up for the GIGABYTE vulnerability and ASRock's software (obviously treat that with a sizeable degree of caution for the time being).

In GIGABYTE's case, the vulnerable updater program connects to the internet every time the PC boots, checking for new firmware (and offering to download it, if present).

The trouble is that the motherboard maker's implementation of that code is insecure, we're informed. An attacker can exploit the updater because it downloads code to the PC without proper validation, leaving it vulnerable to machine-in-the-middle attacks.

There's another peril here, too, as the updater can also download firmware from a NAS on the local network, and a malicious party could potentially spoof that NAS.

Furthermore, there's no easy way to get rid of this updater - stuck in the firmware as it is - but there are countermeasures you can take to avoid being hit by this potential avenue of exploitation.

The main recommendation from Eclypsium is to disable GIGABYTE's 'App Center Download & Install' feature in the motherboard's firmware (this is what fires up the updater). The security company further advises setting up a BIOS password.

The other alternative is to cut off the updater at the other end and block the sites that the program connects to. Those are as follows:

  • http://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4
  • https://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4
  • https://software-nas/Swhttp/LiveUpdate4
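
To check whether machines on a network are still reaching the endpoints listed above, the following added example (not from Eclypsium, GIGABYTE or the original article) scans proxy log lines for requests to those three URLs. The log layout (timestamp, client, method, target, status), the sample lines and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Updater endpoints exactly as listed in the article.
UPDATER_URLS = (
    "http://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4",
    "https://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4",
    "https://software-nas/Swhttp/LiveUpdate4",
)
# Paths are lowercased so matching is case-insensitive (a conservative assumption).
RULES = [(u.scheme, u.hostname, u.path.lower()) for u in map(urlsplit, UPDATER_URLS)]
HOSTS = {host for _, host, _ in RULES}

# Constructed sample log: timestamp, client, method, target, status.
SAMPLE_LOG = """\
2023-06-01T08:00:02Z 192.0.2.21 GET http://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4/constructed.bin 200
2023-06-01T08:00:05Z 192.0.2.21 CONNECT mb.download.gigabyte.com:443 200
2023-06-01T08:00:09Z 192.0.2.34 GET https://software-nas/Swhttp/LiveUpdate4 200
2023-06-01T08:01:00Z 192.0.2.40 GET http://mb.download.gigabyte.com.example.net/FileList/Swhttp/LiveUpdate4 200
2023-06-01T08:01:10Z 192.0.2.40 GET http://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4x 404
truncated line
"""

def classify(method, target):
    """Return a reason string if the request goes to an updater endpoint, else None."""
    if method.upper() == "CONNECT":  # HTTPS tunnel: the proxy sees only host:port
        host = target.rsplit(":", 1)[0].rstrip(".").lower()
        return "tunnel to updater host" if host in HOSTS else None
    u = urlsplit(target)
    host = (u.hostname or "").rstrip(".").lower()
    path = u.path.lower()
    for scheme, rule_host, prefix in RULES:
        # Exact host and whole path segments, so lookalike names do not match.
        if (u.scheme, host) == (scheme, rule_host) and (
                path == prefix or path.startswith(prefix + "/")):
            return "plain HTTP fetch" if scheme == "http" else "HTTPS fetch"
    return None

def scan(log_text):
    """Return (client, target, reason) for every log line that hits an updater endpoint."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:  # skip malformed or truncated lines
            continue
        _, client, method, target = parts[:4]
        reason = classify(method, target)
        if reason:
            hits.append((client, target, reason))
    return hits
```

Full `https://` URLs appear only in logs from a proxy that inspects TLS; otherwise HTTPS traffic shows up as `CONNECT` lines, which is why the host-only match is included.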

Darren has written for numerous magazines and websites in the technology world for almost 30 years, including TechRadar, PC Gamer, Eurogamer, Computeractive, and many more. He worked on his first magazine (PC Home) long before Google and most of the rest of the web existed. In his spare time, he can be found gaming, going to the gym, and writing books (his debut novel – ‘I Know What You Did Last Supper’ – was published by Hachette UK in 2013).
