Gigabyte created dangerous backdoor on millions of PC motherboards - The UpStream

Gigabyte created dangerous backdoor on millions of PC motherboards

posted Sunday Jun 4, 2023 by Scott Ertz

Back doors are a common, yet controversial part of the tech industry. Sometimes, they are innocuous ways for the software to transfer data in the background, like doing updates without bothering the user. Other times, they are intended to allow outsiders to access data on your computer or bypass security settings. What is not common is leaving a back door open on hardware, especially something as core to the operation of the world as computer motherboards. However, that is exactly what happened with Gigabyte motherboards.

What is a back door?

A back door in software refers to a hidden entry point into the system, either to allow the user to bypass security or to get around built-in restrictions. It is usually done by inserting extra lines of code or using secret commands. In hardware, it can refer to an undocumented physical access point or even an extra chip on the motherboard to allow for remote access.

Regardless of the means, a back door allows someone to have privileged access without being detected. This is why it can be used for malicious purposes such as spying or data theft and is a hacker's absolute best friend.

Back doors being opened in a computer's UEFI firmware, which is the small package of software that controls the hardware on the computer, is a common attack surface for serious hackers. Gaining access to the hardware infrastructure can allow a hacker to install software bypassing all of the security built into Windows. Fortunately, this is not usually an easy task on most computers. Sometimes the hackers are given a gift-wrapped present from the manufacturer.

Gigabyte's gift to hackers

Researchers at Eclypsium, a research firm focused on cybersecurity in firmware, released info revealing a major issue with Gigabyte motherboards. When a computer running on a motherboard from the Taiwanese brand popular with gamers, reboots or powers on, the system will try to connect to the internet and download an updater package. The package is then executed within the context of the firmware without any checks or viable verifications.

Conceptually, the process is intended to be a simple, beneficial one for users. Your motherboard keeps itself up to date without having to bother you every few weeks. You get security updates, patches, and more without having to be actively involved in the process. However, because of the way it is all implemented, it would be a fairly simple process to hijack and turn a computer into a zombie, controlled by the hijacker. John Loucaides, head of strategy and research at Eclypsium, said,

If you have one of these machines, you have to worry about the fact that it's basically grabbing something from the Internet and running it without you being involved, and hasn't done any of this securely. The concept of going underneath the end user and taking over their machine doesn't sit well with most people.

It's important to note that there is no evidence that Gigabyte had any malicious intent here. Instead, it appears to simply be laziness or incompetence. Gigabyte is currently working to fix the problem, but there is no publicly available timeline for releasing the solution. Hopefully, it won't take long to patch this particular problem.