News Gigabyte Motherboards Come With A Firmware Backdoor

Great info in this article. I disabled the BIOS setting as soon as I could in my new Gigabyte board but with information the author provided I've also locked out those three update sites in my HOSTS file. That's so there's no chance of anything happening if I forget after a BIOS update or CMOS reset.

But this practice is irresponsible IMO. The Asus board this Gigabyte one replaces did the same thing; there should be a proactive way to stop it completely.
 

wujj123456

> Great info in this article. I disabled the BIOS setting as soon as I could in my new Gigabyte board but with information the author provided I've also locked out those three update sites in my HOSTS file. That's so there's no chance of anything happening if I forget after a BIOS update or CMOS reset.

HOSTS file is a Windows feature. UEFI has its own network stack not depending on OS. That's why it can download latest firmware even without booting into any OS. You need to block the sites on the router and that might require a decent router with firewall capability.
 
> HOSTS file is a Windows feature. UEFI has its own network stack not depending on OS. That's why it can download latest firmware even without booting into any OS. You need to block the sites on the router and that might require a decent router with firewall capability.

Oh wow...I didn't think about UEFI being used for this.

My router does have a firewall but I'm not familiar with using it. I guess that's something new to learn.
 

RichardtST

These incessant connections to the network are getting out of hand. My BIOS now automagically phones home too? Seriously? Time to start looking for a "whitelist" filter outbound firewall that only allows sites that I approve of... There has got to be a few out there. Any recommendations?
 

jp7189

> These incessant connections to the network are getting out of hand. My BIOS now automagically phones home too? Seriously? Time to start looking for a "whitelist" filter outbound firewall that only allows sites that I approve of... There has got to be a few out there. Any recommendations?

You could run Untangle in transparent mode inline behind your firewall. It requires an old PC with two network ports. The base install is free and very easy to get into. It can do what you want and offers a ton of other controls. There are a bunch of paid-for modules for more control, but they had a $50 home license that unlocked everything... at least they did 3 years ago.

There's also pfSense and OPNsense among many others that are completely free and give you lots of control, but are a bit less user friendly in my opinion.

If you have the money, Fortigate is good, but requires $750/yr in licensing.
 

randomizer

The exclusions are strange. I have a full ATX B550 Aorus Pro AX and it's not on the list, but the Micro-ATX and Mini-ITX form factors are. It could be an oversight I suppose. I don't have APP Center installed anyway. In fact this is the first I've even heard of it.
 
> HOSTS file is a Windows feature. UEFI has its own network stack not depending on OS. That's why it can download latest firmware even without booting into any OS. You need to block the sites on the router and that might require a decent router with firewall capability.

So...if I disable the network stack in my BIOS settings does that mean UEFI couldn't use it either, before the OS has installed its stack? Not that that's any more helpful since I'm most worried about this after a CMOS reset or BIOS update should I forget to disable those things. I suppose I could unplug the RJ-45 plug until BIOS is set up again after one of those.

Also, I thought that was only to allow unattended push-installs on a managed network which doesn't (exactly) apply to me as a home user. But considering how shady GB and Asus are with this, I can see them using that back door to push something into my system anyway. I can just imagine my PC turning on in the middle of the night to install something they sent out without asking me. I always disable those features (Wake-On-Lan, Network Stack, etc.) in BIOS; before it was a matter of principle but now there appears to be a very real threat potential.
 

King_V

> The exclusions are strange. I have a full ATX B550 Aorus Pro AX and it's not on the list, but the Micro-ATX and Mini-ITX form factors are. It could be an oversight I suppose. I don't have APP Center installed anyway. In fact this is the first I've even heard of it.

Yeah, I took a look at the list. I have two A520M-DS3H boards, and was glad that they weren't on the list.

I was a little surprised that the A520M-S2H, which is the lowest-end A520 motherboard they have, had this feature, but no other ones. Strange, but if true, I'm not complaining!
 

Math Geek

my b450 aorus pro is also not on the list but a couple other aorus models are in the b450 chipset.

gonna skim the bios anyway for these settings and see if they are there. i don't have any of the software installed either but i can at least check the bios for anything i need to disable. running linux anyway so not likely it's affected by this either way. seems windows is better designed to allow such things to happen while linux does not really make it easy to do.

not a fan of my pc doing ANYTHING i did not tell it to do, so this is very disconcerting to me for sure.
 
> my b450 aorus pro is also not on the list but a couple other aorus models are in the b450 chipset.
>
> gonna skim the bios anyway for these settings and see if they are there. i don't have any of the software installed either but i can at least check the bios for anything i need to disable. running linux anyway so not likely it's affected by this either way. seems windows is better designed to allow such things to happen while linux does not really make it easy to do.
>
> not a fan of my pc doing ANYTHING i did not tell it to do, so this is very disconcerting to me for sure.

If it ever hit, you might have a new service called "GigabyteUpdateTask", or something like that, in services.msc list. Just give it an SC /delete at a CMD prompt and it's gone...but if it comes back after a restart then the BIOS is downloading and installing it again.
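
The check described in the post above (does the service come back after a restart?), written as a script. This is an added example, not part of the thread or any vendor tooling; the `*Gigabyte*` wildcard and the baseline file location are assumptions, since the post gives the service name only approximately.

```powershell
# Added example, not from the thread. Run once with -Record right after removing
# the service, then again without -Record after the next restart.
# Assumptions: the '*Gigabyte*' wildcard and the baseline file location.
param(
    [switch]$Record,
    [string]$NamePattern  = '*Gigabyte*',
    [string]$BaselinePath = (Join-Path $env:LOCALAPPDATA 'svc-baseline.txt')
)

function Get-MatchingService {
    param([string]$Pattern)
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.Name -like $Pattern -or $_.DisplayName -like $Pattern } |
        ForEach-Object {
            # PathName can be quoted and carry arguments; keep only the .exe path.
            $exe = $null
            if ($_.PathName -match '^\s*"?([^"]+?\.exe)') { $exe = $Matches[1] }
            $sig = $null
            if ($exe -and (Test-Path -LiteralPath $exe)) {
                $sig = Get-AuthenticodeSignature -FilePath $exe
            }
            [pscustomobject]@{
                Name      = $_.Name
                State     = $_.State
                StartMode = $_.StartMode
                Path      = $exe
                Signature = if ($sig) { "$($sig.Status)" } else { 'FileNotFound' }
                Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            }
        }
}

$current = @(Get-MatchingService -Pattern $NamePattern)

if ($Record) {
    # Save the names present now (ideally none) as the baseline.
    ($current.Name -join "`n") | Set-Content -LiteralPath $BaselinePath
    "Baseline saved: $($current.Count) matching service(s)."
    return
}
if (-not (Test-Path -LiteralPath $BaselinePath)) { throw "No baseline at $BaselinePath; run with -Record first." }
$baseline = @(Get-Content -LiteralPath $BaselinePath | Where-Object { $_ })
$new = @($current | Where-Object { $baseline -notcontains $_.Name })

if ($new.Count -eq 0) {
    "No matching service has appeared since the baseline."
} else {
    "Service(s) created since the baseline:"
    $new | Format-List
}
```

A service listed in the second run was installed after the baseline was taken; the `Path`, `Signature` and `Signer` fields show which binary it runs and who signed it.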
 

peachpuff

Author needs to read up on what the definition of backdoor actually means. This is simply an unsecured updater that needs Gigabyte's website hacked to exploit.