Warning of GIGABYTE Motherboard Vulnerability

The National Cyber Security Centre SK-CERT warns of a vulnerability in motherboards from the manufacturer GIGABYTE, which are popular and often used in the Slovak market as well.

GIGABYTE motherboards have a built-in motherboard firmware update mechanism that contains security vulnerabilities. Each time the computer reboots, the firmware initiates an update programme, and thus downloading and running additional software. No individual user consent is required for downloading. Security researchers have found vulnerabilities in this mechanism, exploitable by an attacker to install malicious code.

Eclypsium, the company that discovered the vulnerability, says that it is a tool to keep the motherboard firmware updated. In addition to implementation mistakes, one of the three websites for installing the software is HTTP-based, which means poor security and an increased risk of exploitation by attackers to install software that may allow them to take control of the device.

The vulnerability should concern more than 270 GIGABYTE motherboard models; the company has published a list of affected models: https://eclypsium.com/wp-content/uploads/Gigabyte-Affected-Models.pdf.

Eclypsium says that the vulnerability is not being actively exploited yet, but an active backdoor poses a risk to users of vulnerable products.

Regarding the mentioned vulnerability, the National Cyber Security Centre SK-CERT recommends the following to all users of these products:

  • disable the “APP Center Download & Install” function in the computer’s BIOS settings;
  • monitor the manufacturer’s website for any security updates released for the affected devices;
  • set a strong and unique password to enter the BIOS;
  • if the motherboard supports the GIGABYTE Remote Management Console, ensure that it is not accessible from the Internet;
  • in the event of a cybersecurity incident detection, report the incident to the National Cyber Security Centre SK-CERT at [email protected].

Sources

https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/

https://thehackernews.com/2023/05/critical-firmware-vulnerability-in.html


« Späť na zoznam
Current threats
all publications
Links