Firmware backdoor discovered in Gigabyte motherboards: what to do to protect data
The security risk to your personal data is high: here's what to do to prevent unauthorized access
A firmware backdoor has been discovered in several motherboards manufactured by Gigabyte, one of the world's largest manufacturers. The backdoor is reported to be present on 271 motherboard models, including those most used in high-end gaming PCs from the Aorus and Gaming brands. PCs built on these motherboards are often used in professional environments where high performance is required. It is not yet known how the firmware backdoor made its way into the products, but an update was immediately released to fix the issue.
Gigabyte was founded in Taiwan in 1986 and has since produced a huge range of computer systems. Today, many of its motherboards are sold directly to end users who assemble their own computers. The firmware backdoor also impacts both AMD and Intel systems, so the number of potential users involved is very high. Most of the impacted products are high-end boards used by professional gamers who demand high performance, but other motherboards also appear in the list of affected products.
Possible causes of the firmware backdoor and how to fix it
The presence of the firmware backdoor was also confirmed by Gigabyte itself. The cause of the problem is not yet known, but it is likely either a malicious attack that managed to infiltrate the production environment or simply a programming error by one of the engineers. In any case, the firmware backdoor poses a threat to the information security of all users. Fortunately, Gigabyte promptly released an update to fix the problem.
If the patch cannot be installed, or if it is not enough to solve the problem, there are some mitigating measures that users can apply to prevent attacks. An immediate step is to disable the "APP Center Download & Install" feature and to set a firmware password if one is not already set. System administrators can also prevent malicious files from being downloaded by blocking specific URLs.
Firmware backdoor threats
The firmware backdoor poses a significant risk to user security, as it allows attackers to infiltrate the system and gain access to sensitive user information. The backdoor was identified as an unprotected Windows executable, which loads during the normal boot process of the motherboard. Attackers can exploit this executable to download malware payloads or firmware implants that allow them to bypass security measures.
It is unclear whether this was a malicious cyber attack or human error. Gigabyte did suffer a series of ransomware attacks by criminal groups in 2021. It has not yet been shown that the backdoor has been exploited, but the high number of users involved calls for the utmost attention.
Additional security issues in many major brand motherboards
The backdoor problem in Gigabyte's motherboards is not an isolated case. Many motherboard manufacturers have reported similar security issues in the recent past. For example, in early 2022, a series of vulnerabilities was discovered in the firmware of motherboards manufactured by brands such as Intel, Lenovo, Dell and Siemens, which allowed the injection of persistent malware.
Motherboards from other manufacturers, such as MSI, have also been reported to have security issues, with default Secure Boot settings that allow malware to run even if it is detected. Additionally, several vulnerabilities specific to Gigabyte's motherboards and drivers were discovered in 2022. However, the firmware backdoor remains one of the more serious problems, as it is potentially more prevalent and harder to detect. In general, motherboard manufacturers should do more to ensure the security of their products and prevent possible attacks by malicious actors.
06/24/2023 07:00
Editorial AI