Gigabyte Sold Millions of Motherboards with Firmware Backdoor

Cybersecurity researchers at Eclypsium have uncovered a concerning security flaw in millions of motherboards manufactured by Taiwanese firm Gigabyte (via Wired).


Gigabyte motherboards are widely used in gaming PCs and high-performance computers. The researchers found a mechanism in the firmware of these motherboards that triggers a hidden updater program.

Although the hidden code was originally intended to innocently update the motherboard’s firmware, Eclypsium discovered that it has been implemented insecurely, potentially allowing hackers to exploit the mechanism and install malware instead.

The fact that the updater program operates from the computer’s firmware, outside of the operating system, makes it difficult for users to detect or remove.

Eclypsium has identified 271 models of Gigabyte motherboards affected by this vulnerability, and users can verify their motherboard model by navigating to “Start” and then “System Information” on Windows.

Gigabyte motherbaords

In the past, hackers associated with Russia’s GRU military intelligence agency and Chinese state-sponsored groups have used similar techniques to install spyware on victims’ machines,

Eclypsium’s researchers were surprised to find Gigabyte’s updater mechanism exhibiting similar behavior.

Apart from concerns over Gigabyte silently installing code, the researchers also found glaring vulnerabilities in the update mechanism itself.

The code downloads without proper authentication and sometimes over an unprotected HTTP connection, leaving it susceptible to man-in-the-middle attacks.

Additionally, the mechanism allows the installation of updates from local network-attached storage devices (NAS), which can be exploited by malicious actors on the same network to install their own malware.

Eclypsium has been collaborating with Gigabyte to address these findings, and the motherboard manufacturer has expressed intentions to fix the issues.

However, even with a fix, firmware updates often encounter complications, potentially leaving the problem unresolved for years to come.

P.S. - Like our news? Support the site: become a Patreon subscriber. Or shop with our Amazon link, or buy us a coffee! We use affiliate links when possible--thanks for supporting independent media.