5

Millions of PC Motherboards Were Sold With a Firmware Backdoor - Slashdot

 10 months ago
source link: https://it.slashdot.org/story/23/05/31/1813256/millions-of-pc-motherboards-were-sold-with-a-firmware-backdoor
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

Millions of PC Motherboards Were Sold With a Firmware Backdoor

Slashdot is powered by your submissions, so send in your scoop

binspamdupenotthebestofftopicslownewsdaystalestupid freshfunnyinsightfulinterestingmaybe offtopicflamebaittrollredundantoverrated insightfulinterestinginformativefunnyunderrated descriptive typodupeerror

Do you develop on GitHub? You can keep using GitHub but automatically sync your GitHub releases to SourceForge quickly and easily with this tool so your projects have a backup location, and get your project in front of SourceForge's nearly 30 million monthly users. It takes less than a minute. Get new users downloading your project releases today!

Sign up for the Slashdot newsletter! or check out the new Slashdot job board to browse remote jobs or jobs in your area
×

Millions of PC Motherboards Were Sold With a Firmware Backdoor (wired.com)

Posted by msmash

on Wednesday May 31, 2023 @02:41PM from the security-woes dept.
Hidden code in hundreds of models of Gigabyte motherboards invisibly and insecurely downloads programs -- a feature ripe for abuse, researchers say. From a report: Hiding malicious programs in a computer's UEFI firmware, the deep-seated code that tells a PC how to load its operating system, has become an insidious trick in the toolkit of stealthy hackers. But when a motherboard manufacturer installs its own hidden backdoor in the firmware of millions of computers -- and doesn't even put a proper lock on that hidden back entrance -- they're practically doing hackers' work for them. Researchers at firmware-focused cybersecurity company Eclypsium revealed today that they've discovered a hidden mechanism in the firmware of motherboards sold by the Taiwanese manufacturer Gigabyte, whose components are commonly used in gaming PCs and other high-performance computers. Whenever a computer with the affected Gigabyte motherboard restarts, Eclypsium found, code within the motherboard's firmware invisibly initiates an updater program that runs on the computer and in turn downloads and executes another piece of software.

While Eclypsium says the hidden code is meant to be an innocuous tool to keep the motherboard's firmware updated, researchers found that it's implemented insecurely, potentially allowing the mechanism to be hijacked and used to install malware instead of Gigabyte's intended program. And because the updater program is triggered from the computer's firmware, outside its operating system, it's tough for users to remove or even discover. "If you have one of these machines, you have to worry about the fact that it's basically grabbing something from the internet and running it without you being involved, and hasn't done any of this securely," says John Loucaides, who leads strategy and research at Eclypsium. "The concept of going underneath the end user and taking over their machine doesn't sit well with most people."

Do you have a GitHub project? Now you can sync your releases automatically with SourceForge and take advantage of both platforms.
Do you have a GitHub project? Now you can automatically sync your releases to SourceForge & take advantage of both platforms. The GitHub Import Tool allows you to quickly & easily import your GitHub project repos, releases, issues, & wiki to SourceForge with a few clicks. Then your future releases will be synced to SourceForge automatically. Your project will reach over 35 million more people per month and you’ll get detailed download statistics.
Sync Now


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK