Experts have warned that millions of Gigabyte motherboards shipped with a software backdoor that could have been exploited to deliver malware to the devices.
Eclypsium, a security firm, stated in a blog post that it has discovered “backdoor-like behavior within Gigabyte systems in the wild.”
Further investigation revealed that 271 distinct Gigabyte motherboard models have a hidden mechanism that quietly runs an updater application, which connects to a remote server, then downloads and executes code. While that may appear odd, if not malicious, the updater's objective is far more benign, according to Eclypsium: to keep the motherboard's firmware up to date.
Inadequate authentication
Regardless, the researchers found that the updater is insecurely designed, allowing threat actors to hijack it and use it for their own malicious purposes. The updater appears to download code without adequate authentication, in some circumstances even over an HTTP connection (rather than HTTPS). That would make man-in-the-middle attacks possible on rogue Wi-Fi networks, allowing threat actors to spoof the download source and distribute malware.
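
The Python example below is added here for illustration and is not code from Eclypsium or Gigabyte. It shows the kind of checks whose absence the paragraph above describes: a downloaded update is accepted only if it came over HTTPS from an expected host and its contents match a digest taken from a trusted manifest. The host name, function names and sample payload are assumptions; the manifest is assumed to be authenticated separately (for example, signed by the vendor), and TLS certificate validation is assumed to be done by the HTTP client.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Hypothetical update host for illustration; not taken from the article.
ALLOWED_HOSTS = {"updates.vendor.example"}


class UpdateRejected(Exception):
    """Raised when an update fails a transport or integrity check."""


def check_source(url: str) -> None:
    parts = urlsplit(url)  # scheme and hostname are normalised to lower case
    if parts.scheme != "https":
        raise UpdateRejected("refusing non-HTTPS source")
    # Compare the parsed hostname, not a string prefix: a prefix match would
    # accept "https://updates.vendor.example@other.example/".
    if parts.hostname not in ALLOWED_HOSTS:
        raise UpdateRejected(f"unexpected host: {parts.hostname}")


def check_payload(payload: bytes, pinned_sha256_hex: str) -> None:
    digest = hashlib.sha256(payload).hexdigest()
    # Constant-time comparison against the digest from the trusted manifest.
    if not hmac.compare_digest(digest, pinned_sha256_hex.lower()):
        raise UpdateRejected("payload digest does not match trusted manifest")


def accept_update(url: str, payload: bytes, pinned_sha256_hex: str) -> bool:
    """Return True only if the payload may be handed on for execution."""
    try:
        check_source(url)
        check_payload(payload, pinned_sha256_hex)
    except (UpdateRejected, ValueError):  # ValueError: malformed URL
        return False
    return True


# Constructed sample data, not a real firmware image.
GOOD_PAYLOAD = b"constructed updater image v2"
PINNED = hashlib.sha256(GOOD_PAYLOAD).hexdigest()

if __name__ == "__main__":
    for url, body in [
        ("https://updates.vendor.example/fw.bin", GOOD_PAYLOAD),
        ("http://updates.vendor.example/fw.bin", GOOD_PAYLOAD),
        ("https://updates.vendor.example/fw.bin", GOOD_PAYLOAD + b"!"),
    ]:
        print(url, "->", "accept" if accept_update(url, body, PINNED) else "reject")
```

The digest check is what protects against a spoofed source: even if an attacker on the network path answers the request, a payload that does not match the manifest is never executed.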