Gigabyte Motherboards Were Sold With a Firmware Backdoor

S

SpacemanSpiff

Known around here
Apr 15, 2021
1,643
2,966
USA
Hidden code in hundreds of models of Gigabyte motherboards invisibly and insecurely downloads programs—a feature ripe for abuse, researchers say.

www.wired.com

Millions of PC Motherboards Were Sold With a Firmware Backdoor

Hidden code in hundreds of models of Gigabyte motherboards invisibly and insecurely downloads programs—a feature ripe for abuse, researchers say.
www.wired.com www.wired.com
 
  • Wow
Reactions: Jim I., samplenhold, JDreaming and 1 other person
So I guess if you have a Gigabyte motherboard, then disconnect from the internet before you boot.
 
SpacemanSpiff said:
Hidden code in hundreds of models of Gigabyte motherboards invisibly and insecurely downloads programs—a feature ripe for abuse, researchers say.

www.wired.com

Millions of PC Motherboards Were Sold With a Firmware Backdoor

Hidden code in hundreds of models of Gigabyte motherboards invisibly and insecurely downloads programs—a feature ripe for abuse, researchers say.
www.wired.com www.wired.com
Click to expand...
I built a new PC about a year ago and installed a new Gigabyte Z690 Aorus Elite motherboard, which appears to be on the list. I have used a lot of Gigabyte motherboards in the past with previous builds and have never had any issues. Hopefully Gigabyte addresses this issue ASAP!
 
Jim I. said:
Looks like I have some homework to do!
Click to expand...
I dont think you have to really worry. As I understand it from the article the attacker would have to apply some sort of man in the middle attack by way of access to your network or somehow gaining control of gigabytes servers when you machine is checking for updates....its just a general cautionary tale of the way gigabyte went about installing this "service" in the firmware.
 
  • Like
Reactions: Flintstone61 and JDreaming
fenderman said:
I dont think you have to really worry. As I understand it from the article the attacker would have to apply some sort of man in the middle attack by way of access to your network or somehow gaining control of gigabytes servers when you machine is checking for updates....its just a general cautionary tale of the way gigabyte went about installing this "service" in the firmware.
Click to expand...
Gigabyte has been one of the leading motherboard manufacturers for a long time. This could tarnish their reputation a bit if they don't address it with a firmware update or something. I used an Asus motherboard for my recent Blue Iris build, the Gigabyte board is for my main PC. Hopefully Asus doesn't have a similar issue!
 
  • Like
Reactions: JDreaming and fenderman
Jim I. said:
Gigabyte has been one of the leading motherboard manufacturers for a long time. This could tarnish their reputation a bit if they don't address it with a firmware update or something. I used an Asus motherboard for my recent Blue Iris build, the Gigabyte board is for my main PC. Hopefully Asus doesn't have a similar issue!
Click to expand...
I'm surprised they have not addressed it on their website.
 
  • Like
Reactions: JDreaming
I've built plenty of machines with gigabyte mobo's as well as others. Always been happy with their product(s). As much as this recent news is a surprise... it is not. They weren't the first manufacturer to experience this, will most likely not be the last either. When the 'ol BIOS evolved to UEFI, there were many reports that spoke to the risks UEFI could carry. It wasn't a matter of "IF", but "WHEN" we'd see it happen.

I found the eclypsium article that has a bit more technobabble on their findings. There is also a link to the list of affected models at the very end of the article
 
  • Like
Reactions: JDreaming
You must log in or register to reply here.
Top Bottom