Experts discover backdoor in hundreds of Gigabyte motherboard models

Experts from firmware and hardware security company Eclypsium said that hundreds of Gigabyte motherboard models contain a backdoor that could pose a significant risk to organizations.

Eclypsium specialists describe this as a backdoor based on the behavior associated with the functionality, which triggered alerts on the company's platform.

Let me remind you that we also reported that Cybercriminals deliver backdoor to victims' computers with NVIDIA driver, and that Prynt Stealer Malware Contains a Backdoor and Steals Data from Hackers.

Also, information security specialists wrote that New PowerShell Backdoor Masquerades as a Windows Update.

In particular, the researchers determined that the firmware of many Gigabyte motherboards contains a Windows binary that is executed when the operating system boots. This file then downloads and runs another payload received from Gigabyte servers.

It is noted that the payload is loaded via an insecure connection (HTTP or incorrectly configured HTTPS), and the legitimacy of the file is not verified in any way.
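The two gaps described above (unauthenticated transport and no check on the downloaded file) can be expressed as a gate an updater applies before executing anything. This is an added example, not code from Eclypsium or Gigabyte; the host name, payload and pinned digest are constructed, and a digest pinned out of band stands in here for a vendor signature check.

```python
import hashlib
import hmac
import ssl
from urllib.parse import urlsplit


def strict_context() -> ssl.SSLContext:
    # Default context: certificate chain and hostname are both verified.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def misconfigured_context() -> ssl.SSLContext:
    # What "incorrectly configured HTTPS" looks like in a client: encryption
    # without authentication, so any on-path host can answer as the server.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def vet_update(url: str, ctx: ssl.SSLContext, payload: bytes, pinned_sha256: str) -> str:
    """Return "accept" or the reason the payload must not be executed."""
    if urlsplit(url).scheme != "https":
        return "reject: plaintext transport"
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        return "reject: TLS peer not authenticated"
    digest = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(digest, pinned_sha256.lower()):
        return "reject: payload digest mismatch"
    return "accept"


# Constructed sample data (hypothetical host and payload, not from the report).
URL = "https://updates.example.invalid/agent.bin"
PAYLOAD = b"constructed updater payload v1"
PINNED = hashlib.sha256(PAYLOAD).hexdigest()

if __name__ == "__main__":
    cases = [
        (URL, strict_context(), PAYLOAD),
        (URL.replace("https", "http", 1), strict_context(), PAYLOAD),
        (URL, misconfigured_context(), PAYLOAD),
        (URL, strict_context(), PAYLOAD + b" + injected bytes"),
    ]
    for url, ctx, data in cases:
        print(vet_update(url, ctx, data, PINNED))
```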

Experts admit that there is no evidence that this backdoor was used for malicious purposes, and the functionality itself is associated with the Gigabyte App Center, and this is confirmed by the documentation on the manufacturer’s website.

However, according to representatives of Eclypsium, it is difficult to completely rule out the possibility that this is a malicious backdoor that penetrated Gigabyte's firmware either through the efforts of intruders or as a result of hacking the company's systems. It is also hard to tell whether the backdoor was introduced into the firmware while the hardware was moving up the supply chain.

Even if this is legitimate functionality, experts warn that it can still be exploited by attackers, and hackers often use such tools in their attacks.

Eclypsium also emphasizes that hackers can use an insecure connection between the system and Gigabyte servers to spoof the payload and carry out a man-in-the-middle attack.

Eclypsium includes a list of over 270 Gigabyte motherboards affected by this issue with its report. That is, the backdoor is probably present on millions of devices.

The company says it is working with Gigabyte to resolve the issue (which will likely require a firmware update). However, there has been no official comment from Gigabyte yet.

About the author

Karina Wilson

With over 10 years of experience writing for online and print media, I am an expert in delivering clear and compelling copy.

I have written for a leading SEO copywriting agency, as well as for some of the UK's best-known brands, magazines and newspapers.