Question: Firmware Backdoor Discovered in Gigabyte Motherboards, am I affected?

DREDKNOT_2077

With the news about the Firmware Backdoor Discovered in Gigabyte Motherboards:

Am I affected? My three in-use mobos are:

Gigabyte B450 AORUS M Micro ATX AM4 Motherboard updated to F63 Jan 31, 2023

Gigabyte B550M DS3H Micro ATX AM4 Motherboard updated to F17d Mar 23, 2023

Gigabyte B550I AORUS PRO AX Mini ITX AM4 Motherboard updated to F15 Jan 13, 2022

I don't use any Gigabyte software, as all three are on Pop OS 23.04 LTS. Am I good, or do I need to update my mobos' BIOS?

And I have a Firewalla set to block remote access.

Also, am I reading the https://www.tomshardware.com/news/gigabyte-motherboards-come-with-a-firmware-backdoor article right?

These are the bad links to be blocked:

http://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4

https://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4

https://software-nas/Swhttp/LiveUpdate4
 
Gigabyte B450 AORUS M Micro ATX AM4 Motherboard updated to F63 Jan 31, 2023
If you look at BIOS F64d;
Checksum : 1AE4
Addresses download assistant vulnerabilities reported by Eclypsium Research

I'd update the BIOS if you see that mentioned in the description on the BIOS download pages for the above motherboards.
 
Not only download and update to the latest BIOS, but also find and disable the BIOS setting that downloads and installs the Gigabyte Updater package. You can even do this much without the updated BIOS and it won't install the updater anymore.

But before you're fully protected from possible future craziness, you also need to find and delete the Gigabyte Updater service it has probably already installed in your system. You need to disable it first; I use "services.msc". But you can also do it in MSCONFIG on the SERVICES tab, which makes it easier to find since you can hide display of the Microsoft services.

Once you find and disable it in MSCONFIG, you'll also have to find it in "services.msc" to determine its service name, which is needed to delete it. On my board (B550m Aorus Pro) it's called "GigabyteUpdaterService". Not creative, but at least it's not trying to hide itself, so that's good. It might be the same for all boards, I don't know.

Just disabling it isn't enough because it will restart at the next reboot, at least it does on mine. Once it's disabled, open a command prompt with admin rights and type in "SC delete servicename". Don't use the quotes, and replace "servicename" with the service's name you got (or confirmed) in services.msc.
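
The disable-then-delete steps described in the post above, as an added PowerShell example that is not part of the original post. It assumes the service name the poster reported on their own board ("GigabyteUpdaterService"), which may differ on other boards, and it only reports unless run with the `-Remove` switch; the firmware setting the post mentions still has to be turned off, or the service can be installed again.

```powershell
# Added example: audit and remove the updater service described in the post above.
# Run from an elevated PowerShell prompt. The default service name is the one the
# poster reported on a B550M Aorus Pro; confirm it in services.msc on your board.
param(
    [string]$ServiceName = 'GigabyteUpdaterService',
    [switch]$Remove   # without this switch the script only reports
)

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) {
    Write-Output "Service '$ServiceName' is not installed."
    return
}

# Record what is there before touching it: state, start mode and binary path.
$svc | Select-Object Name, DisplayName, State, StartMode, PathName | Format-List

if (-not $Remove) {
    Write-Output "Report only. Re-run with -Remove to disable and delete the service."
    return
}

# Step 1: stop and disable, so it cannot start again while it still exists.
if ($svc.State -eq 'Running') {
    Stop-Service -Name $ServiceName -Force
}
Set-Service -Name $ServiceName -StartupType Disabled

# Step 2: delete the service entry (same as "SC delete servicename" in the post).
# sc.exe is spelled out because "sc" is an alias for Set-Content in Windows PowerShell.
& sc.exe delete $ServiceName
if ($LASTEXITCODE -ne 0) {
    Write-Error "sc.exe delete failed with exit code $LASTEXITCODE"
    return
}

# Step 3: confirm it is gone (a reboot may be needed if a handle was still open).
if (Get-Service -Name $ServiceName -ErrorAction SilentlyContinue) {
    Write-Output "Service is marked for deletion; reboot and re-check."
} else {
    Write-Output "Service '$ServiceName' removed."
}
```

Running it again after the next reboot, without `-Remove`, shows whether the service has been put back.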
 
Wasn't it just the B450 and B550 chipset Gigabyte motherboards?

I'm just waiting to hear about the first wave of attacks on MSI motherboards since their recent breach, leaving all MSI motherboards and possibly MSI graphics cards at risk, or has that been mitigated?

I wouldn't be using or buying any MSI motherboards or graphics cards if I was upgrading atm, not at least until the risk has been publicly mitigated.
 
It was (some, at least) of Gigabyte's X470 and X570 boards too... and even many of their Intel boards released in the same time period.

And to be clear, it was never an attack. It was only a vulnerability that their method of pushing their app onto fresh Windows installations had. It made requests to servers that are hard-coded in the BIOS and downloaded the app without checking digital signatures; if I recall correctly, it didn't even use an HTTPS request. That left it open to something called a man-in-the-middle attack, but the article never suggested it had ever been actually exploited. Although, that can change at any time.

I also don't think MSI's breach would likely cause, or even exploit, the same sort of problem. I haven't seen or read where MSI even does this BIOS-initiated DL of an application back-door trick. Although Asus certainly does, as they did it on the Asus board I ruined, but I don't know that they did it like GB did, so I don't think they've exposed their customers to similar exploits.
 