[6]Ars Technica

[24]Security

Millions of PC motherboards were sold with a firmware backdoor

Hidden code in many Gigabyte motherboards invisibly and insecurely downloads
programs.

  by [25]Andy Greenberg, wired.com - Jun 1, 2023 1:04 pm UTC

  Hiding malicious programs in a computer’s UEFI firmware, the
  deep-seated code that tells a PC how to load its operating system, has
  become an insidious trick in the toolkit of stealthy hackers. But when
  a motherboard manufacturer installs its own hidden backdoor in the
  firmware of millions of computers—and doesn’t even put a proper lock on
  that hidden back entrance—they’re practically doing hackers’ work for
  them.

  Researchers at firmware-focused cybersecurity company Eclypsium
  revealed today that they’ve discovered a hidden mechanism in the
  firmware of motherboards sold by the Taiwanese manufacturer Gigabyte,
  whose components are commonly used in gaming PCs and other
  high-performance computers. Whenever a computer with the affected
  Gigabyte motherboard restarts, Eclypsium found, code within the
  motherboard’s firmware invisibly initiates an updater program that runs
  on the computer and in turn downloads and executes another piece of
  software.

  While Eclypsium says the hidden code is meant to be an innocuous tool
  to keep the motherboard’s firmware updated, researchers found that it’s
  implemented insecurely, potentially allowing the mechanism to be
  hijacked and used to install malware instead of Gigabyte’s intended
  program. And because the updater program is triggered from the
  computer’s firmware, outside its operating system, it’s tough for users
  to remove or even discover.

  “If you have one of these machines, you have to worry
  about the fact that it’s basically grabbing something from the Internet
  and running it without you being involved, and hasn’t done any of this
  securely,” says John Loucaides, who leads strategy and research at
  Eclypsium. “The concept of going underneath the end user and taking
  over their machine doesn’t sit well with most people.”

  In its [27]blog post about the research, Eclypsium lists 271 models of
  Gigabyte motherboards that researchers say are affected. Loucaides adds
  that users who want to see which motherboard their computer uses can
  check by going to “Start” in Windows and then “System Information.”


References

  1. http://feeds.arstechnica.com/arstechnica/index
  2. https://arstechnica.com/wp-json/wp/v2/posts/1943487
  3. https://arstechnica.com/wp-json/oembed/1.0/embed?url=https://arstechnica.com/security/2023/06/millions-of-pc-motherboards-were-sold-with-a-firmware-backdoor/
  4. https://arstechnica.com/wp-json/oembed/1.0/embed?url=https://arstechnica.com/security/2023/06/millions-of-pc-motherboards-were-sold-with-a-firmware-backdoor/&format=xml
  5. https://www.googletagmanager.com/ns.html?id=GTM-NLXNPCQ
  6. https://arstechnica.com/
  7. https://arstechnica.com/science/2023/06/ars-frontiers-recap-what-happens-to-developers-when-ai-can-code/
  8. https://arstechnica.com/science/2023/06/the-atlantic-hurricane-season-has-begun-what-we-know-and-what-we-dont/
  9. https://arstechnica.com/information-technology/
 10. https://arstechnica.com/gadgets/
 11. https://arstechnica.com/science/
 12. https://arstechnica.com/tech-policy/
 13. https://arstechnica.com/cars/
 14. https://arstechnica.com/gaming/
 15. https://arstechnica.com/newsletters/
 16. https://arstechnica.com/civis/
 17. https://arstechnica.com/store/product/subscriptions/
 18. https://arstechnica.com/store/
 19. https://arstechnica.com/security/2023/06/millions-of-pc-motherboards-were-sold-with-a-firmware-backdoor/?view=grid
 20. https://arstechnica.com/?mobile_theme=light
 21. https://arstechnica.com/?mobile_theme=dark
 22. https://arstechnica.com/civis/login?_xfRedirect=/security/2023/06/millions-of-pc-motherboards-were-sold-with-a-firmware-backdoor/
 23. https://arstechnica.com/civis/register/
 24. https://arstechnica.com/security/
 25. https://arstechnica.com/author/wired-com/
 26. https://arstechnica.com/security/2023/06/millions-of-pc-motherboards-were-sold-with-a-firmware-backdoor/?comments=1
 27. https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/
 28. https://arstechnica.com/security/2023/06/millions-of-pc-motherboards-were-sold-with-a-firmware-backdoor/
 29. https://arstechnica.com/security/2023/06/millions-of-pc-motherboards-were-sold-with-a-firmware-backdoor/2/
 30. https://arstechnica.com/security/2023/06/millions-of-pc-motherboards-were-sold-with-a-firmware-backdoor/2/
 31. https://arstechnica.com/security/2023/06/millions-of-pc-motherboards-were-sold-with-a-firmware-backdoor/?comments=1
 32. https://arstechnica.com/science/2023/06/ars-frontiers-recap-what-happens-to-developers-when-ai-can-code/
 33. https://arstechnica.com/science/2023/06/the-atlantic-hurricane-season-has-begun-what-we-know-and-what-we-dont/
 34. http://www.condenast.com/
 35. https://www.condenast.com/user-agreement/
 36. https://www.condenast.com/privacy-policy/
 37. https://arstechnica.com/amendment-to-conde-nast-user-agreement-privacy-policy/
 38. https://arstechnica.com/affiliate-link-policy/
 39. https://www.condenast.com/privacy-policy/#california
 40. https://www.condenast.com/online-behavioral-advertising-oba-and-how-to-opt-out-of-oba/#clickheretoreadmoreaboutonlinebehavioraladvertising(oba)