With good intentions, Gigabyte has released a series of motherboards with firmware capable of updating itself automatically. But hell is full of good intentions. The feature created by Gigabyte was not installed very securely, which leaves the computer vulnerable to backdoor attacks.
Installing malicious programs on the motherboard’s firmware (and other hardware) is one of the most efficient means of breaking into a computer. In backdoor attacks, attackers remotely access the target using a seemingly secure program, using the “back door” of software or firmware—as in the case of Gigabyte motherboards.
Vulnerability affects motherboards since 2018
According to Eclypsium, the security company that found the vulnerability, virtually every motherboard released from 2018 to today has this problematic firmware. The company has published a list of all affected models. The feature can be uninstalled in the UEFI configuration by accessing the “Download and Installation Center”.
From motherboards with entry-level chipsets to powerful Z790s come out of the factory with poorly protected firmware. When the user turns on the computer, this firmware can perform downloads and other software. Because it is located on the motherboard itself, the feature is more difficult for users to detect.
Gigabyte’s proposal is good: the firmware updates itself automatically, pulling the latest versions directly from the official server of the manufacturer or from some storage device. The problem is that the UEFI code is bad, allowing the installation of any program without checking the origin and authenticity.
Eclypsium says it has not discovered any cyberattacks originating from the firmware. However, the risks that vulnerability brings sound catastrophic and even “cinematic.” For example, an intrusion into Gigabyte’s systems could lead a group of attackers to install malware directly on the motherboards’ production line, or intercept the connection between the company’s servers.
There is also a “simpler” and less “spectacular” attack: the bad old Trojan horse. A cybercriminal may just publish a malicious program that takes advantage of the firmware vulnerability to attack one or multiple computers.
To date, Gigabyte has not commented on the case.