{"id":164900,"date":"2023-05-31T22:26:19","date_gmt":"2023-06-01T03:26:19","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2023\/05\/if-your-laptop-or-pc-has-gigabyte-motherboard-then-it-has-backdoor-for-hackers"},"modified":"2023-05-31T22:26:19","modified_gmt":"2023-06-01T03:26:19","slug":"if-your-laptop-or-pc-has-gigabyte-motherboard-then-it-has-backdoor-for-hackers","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2023\/05\/if-your-laptop-or-pc-has-gigabyte-motherboard-then-it-has-backdoor-for-hackers","title":{"rendered":"If your Laptop or PC has Gigabyte motherboard then it has backdoor for hackers"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/if-your-laptop-or-pc-has-gigabyte-motherboard-then-it-has-backdoor-for-hackers.jpg\"><\/a><\/p>\n<p>Researchers at the cybersecurity firm Eclypsium, which focuses on firmware, reported today that they have found a secret backdoor in the firmware of motherboards manufactured by the Taiwanese manufacturer Gigabyte, whose components are often used in gaming <a href=\"https:\/\/www.securitynewspaper.com\/2023\/05\/08\/these-57-msi-laptop-models-are-insecure-as-intel-boot-guard-cant-protect-it-from-uefi-attacks\/\" target=\"_blank\" rel=\"noreferrer noopener\">PCs<\/a> and other high-performance systems. Eclypsium discovered that whenever a computer with the affected Gigabyte motherboard restarts, code inside the motherboard\u2019s firmware silently triggers the launch of an updater application, which then downloads and runs another piece of software on the machine. 
Researchers discovered that the hidden code was built in an unsafe manner, making it possible for the mechanism to be hijacked and used to install malware rather than Gigabyte\u2019s intended software.<\/p>\n<p>Despite the fact that Eclypsium claims the hidden code is intended to be a harmless utility to keep the motherboard\u2019s firmware updated, researchers determined that the implementation was vulnerable. And since the updater application is activated from the computer\u2019s firmware rather than the operating system, it is difficult for users to either delete it or even detect it on their own. In the blog post, the company details the 271 different versions of Gigabyte motherboards that the researchers think are vulnerable. According to experts, individuals who are interested in discovering the motherboard that is used by their computer may do so by selecting \u201cStart\u201d in Windows and then selecting \u201cSystem Information.\u201d<\/p>\n<p>Users who don\u2019t trust Gigabyte to silently install code on their machine with a nearly invisible tool may have been concerned by Gigabyte\u2019s updater alone. Other users may have been concerned that Gigabyte\u2019s mechanism could be exploited by hackers who compromise the motherboard manufacturer to exploit its hidden access in a software supply chain attack. The update process was designed and built with obvious flaws that left it susceptible to being exploited in the following ways: It downloads code to the user\u2019s workstation without properly authenticating it, and in certain cases, it even does it through an unsecured HTTP connection rather than an HTTPS one. This would make it possible for a man-in-the-middle attack to be carried out by anybody who is able to intercept the user\u2019s internet connection, such as a malicious Wi-Fi network. 
The attack would enable the installation source to be faked.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers at the cybersecurity firm Eclypsium, which focuses on firmware, reported today that they have found a secret backdoor in the firmware of motherboards manufactured by the Taiwanese manufacturer Gigabyte, whose components are often used in gaming PCs and other high-performance systems. Eclypsium discovered that whenever a computer with the affected Gigabyte motherboard restarts, code inside [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,418],"tags":[],"class_list":["post-164900","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-internet"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/164900","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=164900"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/164900\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=164900"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=164900"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=164900"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}