
Gigabyte Slams Backdoor Shut With Attack-Killing BIOS Update

A firmware update for hundreds of Gigabyte PC models gets rid of a backdoor capability that could be hijacked by cybercriminals, the company says.

Gigabyte has released a BIOS update with increased security following the discovery of an inadvertent system backdoor present on hundreds of models of Gigabyte PCs, ripe for cybercriminal misuse.

The hardware, motherboard, and graphics card manufacturer released the Intel 700/600 and AMD 500/400 series Beta BIOS updates on June 1, just one day after the Gigabyte backdoor was publicly revealed by researchers at Eclypsium Labs.

"Recently, the Eclypsium platform began detecting suspected backdoor-like behavior within Gigabyte systems in the wild," Eclypsium analysts explained in a blog post, noting that the issue is present in the way the systems handle the app center capability. "[We] discovered that firmware in Gigabyte systems is dropping and executing a Windows native executable during the system startup process, and this executable then downloads and executes additional payloads insecurely."

They added that the backdoor uses "the same techniques as other OEM backdoor-like features like Computrace backdoor (a.k.a. LoJack DoubleAgent) abused by threat actors and even firmware implants such as Sednit LoJax, MosaicRegressor, Vector-EDK."

The fixes include stricter validation of files downloaded from remote servers, as well as blocking file downloads from servers without valid certificates, Gigabyte added.

"To fortify system security, Gigabyte has implemented stricter security checks during the operating system boot process," Gigabyte said in its statement.
