Experts from firmware and hardware security company Eclypsium said that hundreds of Gigabyte motherboard models contain a backdoor that could pose a significant risk to organizations.
Eclipse especialistas speak about the presence of a backdoor, based on the behavior associated with this functionality, which caused trigger of alerts on the company’s platform.
Déjame recordarte que también hablamos de Cybercriminals deliver backdoor to victims’ computers with Nvidia conductor, y tambien eso Ladrón Prynt Malware Contains a Backdoor and Steals Data from Hackers.
Also, information security specialists wrote that New PowerShell Backdoor Masquerades as a Windows Update.
En particular, the researchers determined that the firmware of many gigabytes Las placas base contienen un binario de Windows que se ejecuta cuando se inicia el sistema operativo.. Este archivo luego descarga e inicia otra carga útil recibida de los servidores de Gigabyte..
It is noted that the payload is loaded via an insecure connection (HTTP o HTTPS configurado incorrectamente) y la legitimidad del archivo no se verifica de ninguna manera.
Experts admit that there is no evidence that this backdoor was used for malicious purposes, and the functionality itself is associated with the Gigabyte App Center, and this is confirmed by the documentation on the manufacturer’s website.
Sin embargo, according to representatives of Eclypsium, it is difficult to completely rule out the possibility that this is a malicious backdoor that penetrated Gigabyte’s firmware either through the efforts of intruders or as a result of hacking the company’s systems. It’s also hard to tell if the backdoor wasn’t introduced into the firmware while the hardware was moving up the supply chain.
Even if this is legitimate functionality, experts warn that it can still be exploited by attackers, and hackers often use such tools in their attacks.
Eclypsium also emphasizes that hackers can use an insecure connection between the system and Gigabyte servers to spoof the payload and implement a hombre en el medio ataque.
Eclypsium includes a list of over 270 Gigabyte motherboards affected by this issue with its report. Eso es, the backdoor is probably present on millions of devices.
The company says it is working with Gigabyte to resolve the issue (which will likely require a firmware update). Sin embargo, there has been no official comment from Gigabyte yet.
Deja un comentario