Gigabyte Rolls Out BIOS Updates to Remove Backdoor From Motherboards

11 months ago 60

Taiwanese computer components maker Gigabyte has announced BIOS updates meant to remove a backdoor feature that was recently found in hundreds of its motherboards.

The issue, disclosed last week by firmware and hardware security company Eclypsium, is that the firmware of more than 270 Gigabyte motherboards drops a Windows binary that is executed at boot-up to fetch and execute a payload from Gigabyte’s servers.

A feature related to the Gigabyte App Center, the backdoor does not appear to have been exploited for malicious purposes, but threat actors are known to have abused such tools in previous attacks.

When it made its findings public, Eclypsium said it was unclear whether the backdoor was the result of a malicious insider, a compromise of Gigabyte’s servers, or a supply chain attack.

Shortly after Eclypsium published its report, Gigabyte announced the release of BIOS updates that address the vulnerability.

“Gigabyte engineers have already mitigated potential risks and uploaded the Intel 700/600 and AMD 500/400 series Beta BIOS to the official website after conducting thorough testing and validation of the new BIOS on Gigabyte motherboards,” the company announced late last week.

BIOS updates for Intel 500/400 and AMD 600 series chipset motherboards and for previously released motherboards were set to be released late last week as well.

The update resolves “the download assistant vulnerabilities reported by Eclypsium”, read the release notes for the latest BIOS available for the A520 Aorus Elite rev 1.0 motherboards.

The update implements stricter security checks during system boot, including improved validation for files downloaded from remote servers and standard verification of remote server certificates.

The new security enhancements, the company says, should prevent attackers from inserting malicious code during boot and should guarantee that any files downloaded during this process come from servers with valid and trusted certificates.

Organizations and end users alike should review Eclypsium’s list of more than 270 affected motherboard models and, if impacted, should head to Gigabyte’s support website to check for and download any BIOS update released after June 1, 2023.

Related: MSI Confirms Cyberattack, Issues Firmware Download Guidance

Related: BMC Firmware Vulnerabilities Expose OT, IoT Devices to Remote Attacks

Related: Intel Patches High-Severity Vulnerabilities in BIOS, Boot Guard

Read Entire Article