top of page
Search

Gigabyte Systems Found to Have Backdoor-Like Behavior, Exposing 7 Million Devices to Attack



In April 2023, cybersecurity researchers at Eclypsium firm detected suspicious behavior in some of Gigabyte systems. The systems had a Windows executable embedded in their UEFI firmware, which allowed the firmware to drop the executable and retrieve updates in an unsecure format. Gigabyte has acknowledged the issue and addressed it. The company said that the executable is a .NET-based application that is configured to download and execute a payload from Gigabyte update servers over plain HTTP. The company also said that the software "seems to have been intended as a legitimate update application." However, John Loucaides, senior vice president of strategy at Eclypsium, said that the issue potentially impacts "around 364 Gigabyte systems with a rough estimate of 7 million devices." He also said that the behavior of the executable is similar to the LoJack double agent attack. This news is concerning for a few reasons. First, it seems that Gigabyte has been shipping systems with insecure firmware for a while now. Second, the fact that the software is .NET-based means that it could be easily reverse-engineered by attackers. And third, the fact that the software is configured to download and execute a payload from Gigabyte update servers over plain HTTP means that it is vulnerable to man-in-the-middle attacks. If you have a Gigabyte system, you should check to see if it is affected by this issue. You can do this by checking the company's website or contacting customer support.

Comments


bottom of page