Gigabyte Slams Backdoor Shut With Attack-Killing BIOS Update

A firmware update for hundreds of Gigabyte PC models gets rid of a backdoor capability that could be hijacked by cybercriminals, the company says.

Dark Reading Staff, Dark Reading

June 5, 2023

Gigabyte has released a BIOS update with increased security following the discovery of an inadvertent system backdoor present on hundreds of models of Gigabyte PCs, ripe for cybercriminal misuse.

The hardware, motherboard, and graphics card manufacturer released the Intel 700/600 and AMD 500/400 series Beta BIOS updates on June 1, just one day after the Gigabyte backdoor was publicly revealed by researchers at Eclypsium Labs.

"Recently, the Eclypsium platform began detecting suspected backdoor-like behavior within Gigabyte systems in the wild," Eclypsium analysts explained in a blog post, noting that the issue is present in the way the systems handle the app center capability. "[We] discovered that firmware in Gigabyte systems is dropping and executing a Windows native executable during the system startup process, and this executable then downloads and executes additional payloads insecurely."

They added that the backdoor uses "the same techniques as other OEM backdoor-like features like Computrace backdoor (a.k.a. LoJack DoubleAgent) abused by threat actors and even firmware implants such as Sednit LoJax, MosaicRegressor, Vector-EDK."

The fixes include stricter validation of files downloaded from remote servers, as well as blocking file downloads from servers without valid certificates, Gigabyte added.

"To fortify system security, Gigabyte has implemented stricter security checks during the operating system boot process," Gigabyte said in its statement.
