Cybersecurity research firm Eclypsium has discovered a potentially dangerous security flaw in the UEFI firmware of millions of Gigabyte motherboards. At least 271 models are said to contain the vulnerability, which could potentially open up a way for criminals to silently install malware on these systems under certain conditions. Both Intel and AMD motherboards from the past several years are affected, including many of the latest products with the Z790 and X670 chipsets.
As per the report (via Wired), the vulnerability is part of an updater program that is supposed to automatically download and install the latest firmware updates from Gigabyte without any interaction on the part of the user. While the inclusion of a silent updater is itself a cause for concern, what makes it worse is that it has massive security issues that could potentially allow it to be hijacked. Not only does the program download unauthenticated code, it also sometimes does so over unsecured HTTP connections instead of HTTPS, potentially opening the door for man-in-the-middle attacks.
The updater can even pose a security threat when the machine isn’t connected to the internet. That’s because the updater program has the capacity to download software from a local network-attached storage device (NAS), possibly to help system admins update all PCs on their network at once. This feature, however, can be exploited by threat actors who can break into the same network and spoof the location of the NAS drive to install malware without being detected.
Eclypsium has already contacted Gigabyte with its research, and the Taiwanese tech firm says it is working on an update to fix the vulnerability for good. Overall, ‘millions’ of motherboards with the problem are said to be circulating globally right now, so it remains to be seen how quickly Gigabyte will be able to roll out a fix to prevent any major security issue for its customers.
