Firmware Backdoor Discovered in Gigabyte Motherboards, 250+ Models Affected

Eclypsium Labs during its research on supply chain security discovered a firmware backdoor in Gigabyte motherboards despite its big name in the gaming and technology industry. 

Gigabyte is one of the renowned manufacturers in the world for motherboards, especially high-end gaming motherboards. 

Cybersecurity Eclypsium reports that a firmware backdoor affected around 250+ models out of millions of tainted pieces of hardware including some new models. These motherboard models include chipsets from both AMD and Intel such as  Z790 and X670. This news makes everyone suspicious of who put this firmware backdoor in these products but when Gigabyte launched an update on June 1, it stirred up a lot of debate in the gaming sector. Although Gigabyte has been in the game since the eighties so why would such a big brand offset its reputation? 

Also Read: Kontron Presents Thin mITX Motherboard for 12th/13th Intel CoreTM CPUs

So two explanations could be made from this news

One there is a report that in August and October 2021, Gigabyte faced a malicious attack so the attacker might take access to sensitive software data. Secondly, engineers did not properly encrypt the firmware BIOS being an important feature. Gigabyte claims the firmware-supported feature on its product specs and official website.  

Check the latest news on BIOSTAR B650MT-E PRO: An Entry-Level MicroATX Motherboard with AMD B650 Chipset

Whenever the system restarts, a firmware runs a coding program that helps to update the latest firmware for the motherboard using an internet connection. Usually, the option to download the latest firmware updates pops up when someone installs their new windows. This firmware could be beneficial however it acts as a backdoor for criminals to get access to your system.

Check the Gigabyte B550M DS3H which is one of the budget motherboards for Ryzen 5 5600G in 2023

While checking Gigabyte’s motherboard Eclypsium found that the firmware updater program is unsafe. An attacker can easily manipulate and install viruses/threats on the system. Hackers won’t spare a moment targeting these systems and getting access to databases and file servers. 

Although Gigabyte launched a BIOS update patch for these affected motherboards in June. It also begins to work on its verification setup when downloading updates from remote servers and cryptographic verification to avoid any Machine-in-the-Middle (MITM) attacks. These are available on the official website of Gigabyte. 

Gigabyte has now recently launched Low-Cost Mini-ITX A620 Motherboard Supports Ryzen R9 7950X

However, if you cannot find a patch or are unable to get these verification setups, Eclypsium has issued ways to fix this issue. 

Enable UEFI/BIOS setup

Disable “APP Center Download & Install” 

Encrypt your BIOS with a password. 

Or you can simply block these three websites: 

• http://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4
• https://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4
• https://software-nas/Swhttp/LiveUpdate4

Different manufacturer’s motherboards such as ASUS and MSI motherboards work similarly to Gigabyte’s motherboards, so this raises a controversy as to whether these motherboards are safe or not.