Security 1.06.2023

Security flaw found in hundreds of Gigabyte motherboard models

Researchers at cybersecurity firm Eclypsium have discovered a vulnerability in Gigabyte firmware that puts 271 motherboards at risk of exploitation, the company revealed in a blog post.

The firm assessed Gigabyte’s firmware update code and found its implementation to be unsafe and vulnerable to attacks.

The firmware update code launches a program that connects to the Internet after every restart to check and download the latest firmware for the motherboard.

Moreover, the updater program resides in Gigabyte’s motherboard firmware, making it difficult for users to disable it.

The .NET application pings three different sites for firmware updates:

  • http://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4
  • https://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4
  • https://software-nas/Swhttp/LiveUpdate4

Eclypsium found that the updater downloads code to the user’s system without proper authentication, including a lack of any cryptographic digital signature verification or other validation methods.

Without that validation, both the HTTP and HTTPS connections are vulnerable to man-in-the-middle (MitM) attacks.

The firm also found that the updater could download firmware updates from a NAS device on a local network, which is concerning as malicious actors can spoof the NAS device to infect the system with spyware.

The firm advises that users deactivate the “APP Center Download & Install” feature inside the motherboard’s firmware, implement a BIOS-level password, and block the three sites the updater pings.
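To see which machines on a network are still contacting the updater endpoints listed above, a proxy log can be scanned for them. The following is an added example, not code from Eclypsium, Gigabyte or this article; the log format, the sample lines, and the function and label names are constructed assumptions.

```python
from urllib.parse import urlsplit

# Updater endpoints exactly as listed in the article.
UPDATER_URLS = (
    "http://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4",
    "https://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4",
    "https://software-nas/Swhttp/LiveUpdate4",
)
ENDPOINTS = {(urlsplit(u).hostname, urlsplit(u).path) for u in UPDATER_URLS}
HOSTS = {host for host, _ in ENDPOINTS}

# Constructed sample input. Assumed format: "<timestamp> <client> <method> <target>".
SAMPLE_LOG = """\
2023-06-01T08:00:01Z 10.0.0.21 GET http://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4
2023-06-01T08:00:02Z 10.0.0.21 CONNECT mb.download.gigabyte.com:443
2023-06-01T08:03:10Z 10.0.0.34 CONNECT software-nas:443
2023-06-01T08:03:11Z 10.0.0.34 GET http://MB.Download.Gigabyte.com./FileList/Swhttp/LiveUpdate4
2023-06-01T08:05:00Z 10.0.0.50 GET http://mb.download.gigabyte.com/index.html
2023-06-01T08:05:01Z 10.0.0.50 GET http://example.com/FileList/Swhttp/LiveUpdate4
truncated-line
""".splitlines()

def classify(method, target):
    """Return a label if the request goes to an updater endpoint, else None."""
    if method == "CONNECT":  # HTTPS tunnel: the proxy sees only host:port
        host, scheme, path = target.rsplit(":", 1)[0], "https", None
    else:
        parts = urlsplit(target)
        host, scheme, path = parts.hostname or "", parts.scheme.lower(), parts.path
    host = host.lower().rstrip(".")  # ignore case and a trailing root dot
    if host not in HOSTS:
        return None
    if path is not None and not any(h == host and path.startswith(p) for h, p in ENDPOINTS):
        return None  # known host, but not the updater path
    if "." not in host:
        return "local-nas-name"  # unqualified name, resolved on the local network
    return "plaintext-http" if scheme == "http" else "https"

def scan(lines):
    """Return (client, label, target) for each line that hits an updater endpoint."""
    findings = []
    for fields in map(str.split, lines):
        if len(fields) < 4:
            continue  # skip malformed lines
        label = classify(fields[2].upper(), fields[3])
        if label:
            findings.append((fields[1], label, fields[3]))
    return findings
```

Clients that still appear in the results after the block rules are in place show where the firmware feature has not yet been deactivated.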

Eclypsium has published a full list of affected motherboard models.

