Facepalm: Firmware security services provider Eclypsium recently detected what it described as suspected backdoor-like behavior on some Gigabyte systems in the wild. A follow-up analysis revealed Gigabyte is using code in motherboard firmware to quietly run an updater program that connects to the Internet to download and subsequently install firmware updates.
The hidden backdoor could allow hackers to install malware on a system.
It may not sound like a big deal – heck, some might even applaud Gigabyte for wanting to ensure users have the latest firmware – but there are some issues with the company’s methods. According to Eclypsium, code is downloaded to users’ computers without being properly authenticated. What’s more, downloads occasionally happen over HTTP instead of the more secure HTTPS, which could leave you vulnerable to a man-in-the-middle attack.
There is also the issue that Gigabyte’s actions are simply going to rub some people the wrong way, even if the board maker had the best of intentions. At the end of the day, they are still using a hidden mechanism to silently download and install code from the Internet without your knowledge or consent.
Others will argue that the whole thing is not that big of a deal, and that tech companies issue firmware updates all the time. What’s your take on the matter? Personally, I wouldn’t be thrilled about a company updating my motherboard’s firmware without my approval. What if the new firmware wasn’t compatible with my hardware, or messed up my overclock?
Eclypsium said it is working with Gigabyte to address the insecure implementation of the feature. For what it’s worth, Eclypsium found the backdoor on over 260 Gigabyte boards. The full list of affected motherboards has been published for your convenience.
In the meantime, concerned parties can block access to the following URLs that get pinged to check for updates:
- http://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4
- https://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4
- https://software-nas/Swhttp/LiveUpdate4
Uneasy Gigabyte board users are also encouraged to check their UEFI / BIOS for an App Center Download & Install feature, and disable it if the option exists. It might not be a bad idea to also scan your system for malware.
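For admins who want to know which machines on their network have already contacted these endpoints, here is an added example (not code from Eclypsium or Gigabyte) that scans web proxy logs for the three URLs listed above and marks the plaintext HTTP hits. The log format, timestamps, client addresses and sample lines are constructed for illustration, and the script assumes the proxy records full URLs.

```python
from urllib.parse import urlsplit

# Update-check URLs exactly as listed in the article.
UPDATE_URLS = [
    "http://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4",
    "https://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4",
    "https://software-nas/Swhttp/LiveUpdate4",
]

# Constructed sample log (assumed format: "time client method url").
SAMPLE_LOG = [
    "2023-06-01T08:00:01Z 10.0.0.21 GET http://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4/",
    "2023-06-01T08:00:05Z 10.0.0.22 GET https://MB.Download.Gigabyte.com:443/FileList/Swhttp/LiveUpdate4/file.bin",
    "2023-06-01T08:00:09Z 10.0.0.23 GET https://software-nas/Swhttp/LiveUpdate4",
    "2023-06-01T08:00:12Z 10.0.0.24 GET http://mb.download.gigabyte.com.example.net/FileList/Swhttp/LiveUpdate4",
    "2023-06-01T08:00:15Z 10.0.0.25 GET https://example.org/index.html",
    "truncated line",
]

def _key(url):
    """Normalize a URL to (scheme, host, path); hostname drops any port and is lowercased."""
    parts = urlsplit(url.strip())
    return (parts.scheme.lower(), (parts.hostname or "").lower(), parts.path.rstrip("/"))

WATCHLIST = {_key(u) for u in UPDATE_URLS}

def find_update_checks(log_lines):
    """Return one finding per log line whose URL is at or below a listed endpoint."""
    findings = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed or truncated line
        timestamp, client, _method, url = fields[:4]
        scheme, host, path = _key(url)
        for w_scheme, w_host, w_path in WATCHLIST:
            same_endpoint = path == w_path or path.startswith(w_path + "/")
            if (scheme, host) == (w_scheme, w_host) and same_endpoint:
                findings.append({"time": timestamp, "client": client,
                                 "url": url, "plaintext": scheme == "http"})
                break
    return findings

if __name__ == "__main__":
    for hit in find_update_checks(SAMPLE_LOG):
        risk = "plaintext HTTP" if hit["plaintext"] else "HTTPS"
        print(f'{hit["time"]} {hit["client"]} {risk} {hit["url"]}')
```

Matching on the parsed hostname rather than a substring keeps look-alike domains such as the constructed `mb.download.gigabyte.com.example.net` line out of the results.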