Gigabyte is one of the most popular manufacturers of PC motherboards, especially for hardcore gamers. However, many of these motherboards have a previously discovered firmware backdoor. This design allows hackers to send malicious software through this backdoor, and into the PCs of these Gigabyte board owners.
The revelation was made earlier this week by Backdoor Cyber security firm Eclipsium (through Wired). In its blog post, the firm claims to have seen evidence of backdoor activity based on Gigabyte motherboards. While the feature was designed so that Gigabyte could quickly update the firmware of its motherboards, Eclipse says the company didn’t do enough to make it secure.
Eclipsium’s John Lockades spoke to Wired about the situation:
If you have one of these machines, you have to worry about the fact that it’s basically getting something off the Internet and running it without you getting involved, and No one has done it safely.
If you have a Gigabyte motherboard inside your computer and you want to know if it has a pre-hidden firmware backdoor, you can. See the list on the Eclipse site. There are a lot of them, as it turns out. The firm has identified 271 Gigabyte motherboard models that have this security flaw. This means there could be millions of motherboards that have this problem.
Eclipse says it has disclosed its findings to Gigabyte and is working with the company on a fix for the firmware backdoor. As of this writing, Gigabyte has not issued a public statement regarding this motherboard defect.
If your computer has one of the motherboards on Eclipse’s list, there are things you can do to prevent its firmware from being hijacked, according to Eclipse.
Inspect and disable the “Download and Install APP Center” feature in UEFI/BIOS setup on Gigabyte systems and set a BIOS password to prevent malicious changes.
If your business or organization uses PCs with affected Gigabyte motherboards, Eclipse says your IT administrator can also block the following URLs.
- http://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4
- https://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4
- https://software-nas/Swhttp/LiveUpdate4
Even if the company provides a software fix to secure this backdoor, it’s possible that many PCs with Gigabyte boards won’t accept the firmware update. If that happens, the problem could continue to leave PCs with these motherboards open to cyber attacks.