Researchers at Eclypsium found a critical vulnerability in the UEFI firmware of Gigabyte motherboards, affecting millions of units from hundreds of models.
The bug was discovered in Gigabyte’s Firmware Updater Program, which automatically installs any new update from the OEM. This opens a way for automatic malware installation by any threat actor who successfully finds this backdoor. Gigabyte is working on a patch, which is expected soon.
Security Bug in Gigabyte Motherboards
Cybersecurity firm Eclypsium noted a serious security bug in Gigabyte motherboards, affecting at least 271 models and amounting to millions of units in the wild. The vulnerability resides in the UEFI firmware of Gigabyte motherboards, where the company’s updater program allows any unauthorized package to be installed on the attached system!
Gigabyte’s Updater Program is meant for downloading and installing the latest firmware updates from the OEM without any interaction from the user. While this is meant to ease and automate the updating process, it certainly creates a backdoor for anyone to exploit under certain conditions.
More specifically, threat actors can use this updater program to install malicious packages on the target system, as it accepts unauthenticated code. The more intriguing part is that the program allows sourcing updates over unsecured HTTP connections, potentially opening the door to man-in-the-middle attacks.
Researchers noted that most Gigabyte motherboards for both AMD and Intel CPUs are vulnerable, including the latest products for Z790 and X670 chips. Further, researchers said the updater could even allow package installations from devices on the same network, so the target system doesn’t necessarily need to be connected to the internet to be hit.
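A defender-side check for the two behaviours described above (updates fetched over plain HTTP, and packages sourced from devices on the local network), as an added example that is not code from Eclypsium or Gigabyte. The log format, host names, file names and extension list are all constructed assumptions; adapt them to your own proxy logs.

```python
import ipaddress
from urllib.parse import urlsplit

EXEC_EXT = (".exe", ".dll", ".msi", ".bin", ".cap")  # assumed payload extensions
EXEC_TYPES = {"application/octet-stream", "application/x-msdownload"}

# Constructed sample proxy log: time client method url status content-type bytes
SAMPLE_LOG = """\
2023-06-01T09:00:01Z 10.0.0.21 GET http://updates.vendor.example/fw/fwupdate.exe 200 application/x-msdownload 4521984
2023-06-01T09:00:05Z 10.0.0.21 GET https://updates.vendor.example/fw/fwupdate.exe 200 application/x-msdownload 4521984
2023-06-01T09:02:11Z 10.0.0.34 GET http://nas-share/fw/fwupdate.exe 200 application/octet-stream 4521984
2023-06-01T09:03:40Z 10.0.0.34 GET http://192.168.1.50/tools/update.bin 200 application/octet-stream 1048576
2023-06-01T09:04:02Z 10.0.0.40 GET http://news.example/index.html 200 text/html 18211
2023-06-01T09:05:00Z 10.0.0.40 GET http://updates.vendor.example/fw/missing.exe 404 text/html 512
garbage line
"""

def is_local_source(host):
    """True for private/loopback/link-local IPs and single-label (LAN) names."""
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_private or ip.is_loopback or ip.is_link_local
    except ValueError:
        return "." not in host

def flag_update_fetches(log_text):
    """Return (client, source host, reasons) for risky executable downloads."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 7 or parts[4] != "200":
            continue  # malformed line, or nothing was actually delivered
        _ts, client, _method, url, _status, ctype, _size = parts
        u = urlsplit(url)
        host = u.hostname or ""
        executable = u.path.lower().endswith(EXEC_EXT) or ctype.lower() in EXEC_TYPES
        if not executable:
            continue
        reasons = []
        if u.scheme == "http":
            reasons.append("plain-http")    # payload can be altered in transit
        if is_local_source(host):
            reasons.append("local-source")  # payload served from a LAN device
        if reasons:
            findings.append((client, host, tuple(reasons)))
    return findings

if __name__ == "__main__":
    print(*flag_update_fetches(SAMPLE_LOG), sep="\n")
```

An HTTPS fetch from a public host is not flagged here, but transport security alone does not show that the payload was authenticated, which is the other weakness the researchers describe.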
This opens up more scope for the attacker to hit the targeted machine by hijacking any connected system on the same network. Eclypsium has already contacted Gigabyte with its research, and the motherboard maker said it’s working on an update to fix this vulnerability soon. Until then, we have to assume that millions of motherboards are vulnerable to