Experts Find Backdoor in Hundreds of Gigabyte Motherboard Models

Experts from firmware and hardware security company Eclypsium said that hundreds of Gigabyte motherboard models contain a backdoor that could pose a significant risk to organizations.

The specialists speak of a backdoor on the basis of the behavior associated with this functionality, which triggered alerts on the company’s platform.

Let me remind you that we also covered "Cybercriminals deliver backdoor to victims’ computers with NVIDIA drivers", as well as "Prynt Stealer Malware Contains a Backdoor and Steals Data from Hackers".

Also, information security specialists wrote that New PowerShell Backdoor Masquerades as a Windows Update.

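In particular, the researchers determined that the firmware of many Gigabyte motherboards contains a Windows binary that is executed when the operating system boots. This file then downloads and launches another payload received from Gigabyte servers.

It is noted that the payload is loaded via an insecure connection (HTTP or incorrectly configured HTTPS), and the legitimacy of the file is not checked in any way.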

Experts admit that there is no evidence that this backdoor was used for malicious purposes, and the functionality itself is associated with the Gigabyte App Center, and this is confirmed by the documentation on the manufacturer’s website.

However, according to representatives of Eclypsium, it is difficult to completely rule out the possibility that this is a malicious backdoor that penetrated Gigabyte’s firmware either through the efforts of intruders or as a result of hacking the company’s systems. It is also hard to tell whether the backdoor was introduced into the firmware while the hardware was moving through the supply chain.

Even if this is legitimate functionality, experts warn that it can still be exploited by attackers, and hackers often use such tools in their attacks.

Eclypsium also emphasizes that hackers can use the insecure connection between the system and Gigabyte servers to spoof the payload and carry out a man-in-the-middle attack.
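The two checks the article says are missing (a properly validated HTTPS connection and a legitimacy check on the downloaded file) look like this from the updater's side. This is an added example, not Gigabyte's or Eclypsium's code; the host name, file name and sample bytes are constructed placeholders, and a SHA-256 digest pinned in trusted firmware stands in for the code-signature check a real updater would perform.

```python
import hashlib
import hmac
import ssl
from urllib.parse import urlsplit

class UpdateRejected(Exception):
    """The downloaded payload must not be executed."""

def strict_tls_context() -> ssl.SSLContext:
    # Defaults verify the certificate chain and the hostname; a client that
    # switches these off is the "incorrectly configured HTTPS" case.
    return ssl.create_default_context()

def tls_checks_enabled(ctx: ssl.SSLContext) -> bool:
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname

def vet_payload(url: str, payload: bytes, pinned_sha256: str) -> bytes:
    """Return the payload only if transport and content both check out."""
    scheme = urlsplit(url).scheme
    if scheme != "https":
        raise UpdateRejected(f"insecure transport: {scheme or 'none'}")
    actual = hashlib.sha256(payload).hexdigest()
    # Constant-time comparison of the computed and pinned hex digests.
    if not hmac.compare_digest(actual, pinned_sha256.lower()):
        raise UpdateRejected("digest mismatch: payload altered or replaced")
    return payload

def verdict(url: str, payload: bytes, pinned_sha256: str) -> str:
    try:
        vet_payload(url, payload, pinned_sha256)
        return "accepted"
    except UpdateRejected as exc:
        return f"rejected ({exc})"

# Constructed sample data; host name and file name are placeholders.
GENUINE = b"MZ" + b"\x00" * 62 + b"vendor updater"
SPOOFED = b"MZ" + b"\x00" * 62 + b"substituted in transit"
PINNED = hashlib.sha256(GENUINE).hexdigest()  # assumed to ship in trusted firmware
HTTPS_URL = "https://updates.vendor.example/updater.exe"
HTTP_URL = "http://updates.vendor.example/updater.exe"

if __name__ == "__main__":
    print("TLS checks on:", tls_checks_enabled(strict_tls_context()))
    for url, body in [(HTTPS_URL, GENUINE), (HTTP_URL, GENUINE), (HTTPS_URL, SPOOFED)]:
        print(url, "->", verdict(url, body, PINNED))
```
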

Eclypsium includes with its report a list of over 270 Gigabyte motherboards affected by this issue. That is, the backdoor is probably present on millions of devices.

The company says it is working with Gigabyte to resolve the issue (which will likely require a firmware update). However, there has been no official comment from Gigabyte yet.

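About the author

Karina Wilson

With over 10 years of writing experience for online and print media, I am an expert in delivering clear and compelling copy.

I have written for a leading SEO copywriting agency, as well as for some of the UK's best-known brands, magazines and newspapers.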
