A large number of GIGABYTE motherboards are reportedly affected by a vulnerability that could be seriously bad news.
That's according to cybersecurity outfit Eclypsium, which runs a system that heuristically picked up backdoor-like behavior in PCs with GIGABYTE mobos in the wild.
Embarking on an investigation and subsequent analysis, Eclypsium pinned down the problem to GIGABYTE's firmware and a compact updater app therein (designed to ensure the firmware stays fully up to date).
The security firm has listed the motherboards which are susceptible to the reported threat, and they consist of both AMD and Intel models - 271 of them, to be precise, including the most recent platforms (Z790 and X670).
As Tom's Hardware, which spotted this, further clarifies, this could potentially affect similar utilities for updating firmware from other motherboard vendors, too. Some chatter on Twitter is already drawing comparisons between the evidence Eclypsium turned up for the GIGABYTE vulnerability and ASRock's software (obviously treat that with a sizeable degree of caution for the time being).
In GIGABYTE's case, the vulnerable updater program connects to the internet every time the PC boots, checking for new firmware (and offering to download it, if present).
The trouble is that the motherboard maker's implementation of that code is insecure, we're informed. An attacker can exploit the updater because it downloads code to the PC without proper validation, leaving it vulnerable to Machine-in-the-middle attacks.
There's another peril here, too, as the updater can also download firmware from a NAS on the local network, and a malicious party could potentially spoof that NAS.
Furthermore, there's no easy way to get rid of this updater - stuck in the firmware as it is - but there are countermeasures you can take to avoid being hit by this potential avenue of exploitation.
The main recommendation from Eclypsium is to disable GIGABYTE's 'App Center Download & Install' feature in the motherboard's firmware (this is what fires up the updater). The security company further advises setting up a BIOS password.
The other alternative is to cut off the updater at the other end and block the sites that the program connects to. Those are as follows:
- http://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4
- https://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4
- https://software-nas/Swhttp/LiveUpdate4
Blizzard praises Microsoft's 'let it be' hands-off approach to management
Target confirms plans to reduce physical media, but games are unaffected
Fallout 4 conquers PlayStation Plus charts amid TV show success
Meet Microsoft's VASA-1: AI can now take a photo and turn it into a 'talking head' video clip
Microsoft has brought its OneNote app to the Apple Vision Pro, get it now
FlexiSpot C7B-Mesh Ergonomic Office Chair Review
Samsung G8 34-inch QD-OLED Gaming Monitor Review - 175Hz for $900
ASRock NUCBOX-155H Mini PC Review
NuPhy Air96 V2 Wireless Mechanical Keyboard Review
TEAM T-FORCE Siren DUO360 RGB Liquid CPU Cooler Review
AVerMedia Live Streamer ULTRA HD Review
AVerMedia Live Gamer 4K 2.1 Review
XPG Invader X Mid-Tower Chassis Review
Intel Core i9-14900KS CPU Review
Arbiter Polar 65 Magnetic Gaming Keyboard Review
Everything you need to know about the latest ASUS NUC Mini PCs - NUC 14 Pro and ROG NUC
How to Overclock Your GPU and Boost Your PC Gaming with ASUS GPU Tweak III
ASUS's AMD Radeon RX 7000 Series GPU lineup has something for every gamer
ASUS OLED Premium Care defends the ROG Swift OLED PG32UCDM gaming monitor from burn-in
Patriot Viper Xtreme 5 Engineering Prototype 48GB Dual-Channel Memory Kit Preview