Researchers Discover Firmware Backdoor Affecting 271 Models of GIGABYTE Motherboards

Tsing

The FPS Review
Staff member
Joined
May 6, 2019
Messages
10,277
Points
83
Eclypsium, a firmware-focused cybersecurity company, has shared a list of 271 motherboards sold by GIGABYTE that, according to researchers, include a hidden backdoor in the firmware that could be used by attackers to install malware onto a system. "Our […] analysis discovered that firmware in Gigabyte systems is dropping and executing a Windows native executable during the system startup process, and this executable then downloads and executes additional payloads insecurely," Eclypsium explained in a blog post dated today that details the company's key findings, including the level of impact and what organizations with the affected motherboards can do to minimize risk. Eclypsium says it's working with GIGABYTE to address the issue, which appears to stem from the App Center feature.

See full article...
 
Not being a security specialist, and not seeing the name(s) in various places I decided to do a search on "Living-off-the-Land techniques (like in the recent alert regarding Volt Typhoon attackers)" and came up with this which I find a whole lot more scary. The worst part is that the following is from last week.

www.microsoft.com

Volt Typhoon targets US critical infrastructure with living-off-the-land techniques | Microsoft Security Blog

Chinese state-sponsored actor Volt Typhoon is using stealthy techniques to target US critical infrastructure, conduct espionage, and dwell in compromised environments.
www.microsoft.com www.microsoft.com
 
Well... ****.

Gigabyte pushes Trojans, MSI changes the warranty at will, and Asus will damage your hardware. Who's left? Does EVGA still make motherboards?

(Not Asrock for me, although some folks have had good luck there)
 
Last edited:
Brian_B said:
Well... ****.

Gigabyte pushes Trojans, MSI changes the warranty at will, and Asus will damage your hardware. Who's left? Does EVGA still make motherboards?
Click to expand...
They make power supplies, and have seemingly no interest in selling custom connectors for the HPV.. HVP... whatever the new connectors are called. I've tried...
That EVGA legendary support is lacking.
 
Grimlakin said:
They make power supplies, and have seemingly no interest in selling custom connectors for the HPV.. HVP... whatever the new connectors are called. I've tried...
That EVGA legendary support is lacking.
Click to expand...
Yeah, I hate to say it and I am a huge fan of them but I'm just waiting for the day when we hear that they're closing up shop. I'm still on their email list and get the semi-weekly sales flyers but I don't see much of anything new and wonder how they're staying afloat. It saddens me to no end.
 
Peter_Brosdahl said:
Yeah, I hate to say it and I am a huge fan of them but I'm just waiting for the day when we hear that they're closing up shop. I'm still on their email list and get the semi-weekly sales flyers but I don't see much of anything new and wonder how they're staying afloat. It saddens me to no end.
Click to expand...
Part of me hopes they are simply awaiting an end of exclusivity deal with Nvidia to start making AMD and Intel boards.
 
Grimlakin said:
Part of me hopes they are simply awaiting an end of exclusivity deal with Nvidia to start making AMD and Intel boards.
Click to expand...
That. . . .would be awesome! It's been so long since their announcement in September that I'd forgotten about that possibility. A lot of us were hoping for that. Not that I have any contacts but I'll try to shoot them an email inquiring about the possibility.
 
It took me a while to remember it and if it wasn't for writing here I wouldn't remember either.
12VHPWR (12 volt high power)

Yeah, a round of immunizations for the rig after an HPV infection can be rough.
 
Grimlakin said:
the HPV.. HVP... whatever the new connectors are called
Click to expand...
Peter_Brosdahl said:
It took me a while to remember it and if it wasn't for writing here I wouldn't remember either.
12VHPWR (12 volt high power)
Click to expand...
At first I tried to memorize the acronym itself instead of the meaning behind it, and that didn't work out. I was straight-up just calling it "twelve V H P W R". When I started actually saying "12-volt high power" that's when I was able to remember the acronym.
 
DrezKill said:
I started actually saying "12-volt high power" that's when I was able to remember the acronym.
Click to expand...
Yep, same for me. I figured someone would get that as well and why I put it in that reply. Once you say it, it sticks, but until then its just another one of the unending acronyms we're constantly getting flooded with. I've been joking since college that there needs to be a moratorium/ban on them for a bit.
 
Peter_Brosdahl said:
Yeah, I hate to say it and I am a huge fan of them but I'm just waiting for the day when we hear that they're closing up shop. I'm still on their email list and get the semi-weekly sales flyers but I don't see much of anything new and wonder how they're staying afloat. It saddens me to no end.
Click to expand...
I still have my EVGA Z690 Classified here. Been an awesome board. If I ever decide to go make to a more traditional non white themed set up I'll use it again.
 
Brian_B said:
Well... ****.

Gigabyte pushes Trojans, MSI changes the warranty at will, and Asus will damage your hardware. Who's left? Does EVGA still make motherboards?

(Not Asrock for me, although some folks have had good luck there)
Click to expand...
Is it just me or has the whole industry kind of forgot about Quality Control as of late? I was in QC for over twenty years and this just screams of bad QC for all of the above.
 
Niner51 said:
I still have my EVGA Z690 Classified here. Been an awesome board. If I ever decide to go make to a more traditional non white themed set up I'll use it again.
Click to expand...
I've seen some great sales for the Dark Kingpin versions of it and I think, maybe, the 790 as well. I almost jumped on one but not really want to go that route right now. However, haven't really heard of any new motherboards since or at least I'm not noticing any in their flyers which is why I'm doubting their current state.
 
Peter_Brosdahl said:
I've seen some great sales for the Dark Kingpin versions of it and I think, maybe, the 790 as well. I almost jumped on one but not really want to go that route right now. However, haven't really heard of any new motherboards since or at least I'm not noticing any in their flyers which is why I'm doubting their current state.
Click to expand...
Yeah once their GPU manufacturing stopped they have stayed in a Dark state..yes pun was intended.
 
Consumer motherboard manufacturers don't care about security. This was an instance of Gigabyte practicing 1990s-level security when it decided that it was a good idea to integrate parts of its crapware Windows software utilities into its firmware. Affected motherboards have an option in the firmware settings to disable the "feature", so they clearly weren't hiding anything. That doesn't let them off the hook, but it's different from discovering that they were surreptitiously gathering data from customers. JMHO, of course.

UEFI already provides an OS-independent mechanism for automating firmware updates. Gigabyte should arrange to have updates delivered through the OS-appropriate distribution channel such as Windows/Microsoft Update, and LFVS in the case of Linux.

I kinda wish that Intel would start making desktop motherboards again, provided they would at least offer "legacy" support to boards older than three years, instead of declaring them EOL and yanking all existing drivers and firmware from the site.
 
Tempest said:
This was an instance of Gigabyte practicing 1990s-level security when it decided that it was a good idea to integrate parts of its crapware Windows software utilities into its firmware.
Click to expand...
Kind of reminds me of companies that incorporate open-source code in their app w/o vetting it properly and creating an unexpected exploit because the original author(s) never intended to be used in a particular fashion. It becomes an even greater nightmare with said company using that code which is now embedded into more and then added to yet another app.
 
You must log in or register to reply here.
Become a Patron!
Back
Top