Cybersecurity firm Eclypsium has warned of a major vulnerability in Gigabyte’s motherboards, and has warned that over 400 models for Intel and AMD processors are at risk. The cause of the vulnerability would appear to be an update software called App Centerwhich Gigabyte uses to check if the BIOS of the motherboard is up to date. But according to Eclypsium, the program would allow hackers to ininstall malware and check your PC. Gigabyte has advised its customers to update the firmware to fix the flaw.
Gigabyte, vulnerabilities in motherboards: update the BIOS
Eclypsium has detected that the program installs code onto a user’s system without proper verification. Don’t check the cryptographic digital signature or other validation methods of the executable file. Therefore, HTTP and HTTPS connections are exposed to possible Machine-in-the-middle (MITM) attacks.
Also, Eclypsium has found that the program can download updates from a NAS in the local network, creating an additional possibility of infecting the system with malware.
Eclypsium recommends disabling “APP Center Download & Install” dal firmware, set one BIOS level password to prevent malicious activity or block the three sites that the program links to. Alternatively, the solution is to go to the page dedicated to your specific motherboard on the Gigabyte site and download thelatest firmware.
The company explains: “Gigabyte engineers have already mitigated the potential risks and uploaded the Intel 700/600 and AMD 500/400 series beta BIOS on the official website after conducting extensive testing and validation of the new BIOS on Gigabyte motherboards. To strengthen system security, GIGABYTE has implemented stricter security checks during the OS boot process.”
Find more information on the Gigabyte website.
Leave a Reply
View Comments