A significant security vulnerability has been discovered in a wide range of Intel and AMD -based Gigabyte motherboards, including the latest Z790 and X670 units. The flaw originates from an insecure updater program used by Gigabyte to keep motherboard firmware up to date.
Cybersecurity researchers from Eclypsium (via Wired) have recently uncovered a hidden mechanism within the firmware of Gigabyte motherboards. The hidden code activates an updater program upon each system restart and is intended to keep the motherboard's firmware up to date. However, Eclypsium's investigation revealed that the implementation of this mechanism is insecure, potentially allowing it to be exploited. If the code downloads without proper authentication over an unprotected HTTP connection, it could potentially be intercepted, allowing for a man-in-the-middle attack.
The hidden firmware mechanism operates outside of the computer's operating system, making it challenging for users to detect or remove. John Loucaides, Eclypsium's strategy and research lead, highlighted the issue, emphasising the lack of user involvement and proper security measures. Eclypsium has compiled a list of 271 Gigabyte motherboard models affected by the hidden firmware mechanism.
Eclypsium has shared its findings with Gigabyte, and the motherboard manufacturer has already issued a statement regarding this situation. The company has taken immediate action to mitigate potential risks, uploading BIOS updates to the Intel 700/600 and AMD 500/400 series motherboards affected. With the latest BIOSes, the company implemented a signature verification system and limited privileged access to the firmware, protecting users from potential malicious activities.
These new BIOSes are now available for most motherboards affected by this issue. If you have one of these boards, we recommend downloading and updating it as soon as possible.
Discuss on our Facebook page, HERE.
KitGuru says: Do you have a system with one of the affected motherboards?