Hundreds of Gigabyte Motherboards Have a Backdoor Vulnerability
Take action: Be aware of the local updater issue of Gigabyte and keep your attention for the announcement of patches by Gigabyte or your computer vendor.
Learn More
Cybersecurity researchers from Eclypsium have discovered a critical vulnerability in the UEFI firmware of Gigabyte motherboards, impacting hundreds of models and potentially millions of units - both sold as separate motherboards as well as installed in OEM vendor systems.
The flaw is located in Gigabyte's Firmware Updater Program, which allows for automatic installation of firmware updates. The Updater Program is meant to ease and automate the updating process.
Unfortunately, the implementation of the updater is riddled with issues, like enabling download from local network resource targets which enables spoofing of updater code by a local malicious actor, or the fact that the updater allows download from unencrypted HTTP protocol exposing to man-in-the-middle attacks.
Most Gigabyte motherboards supporting both AMD and Intel CPUs are vulnerable, including the latest products for Z790 and X670 chips. Because of the ability to download packages from local network devices the motherboards are vulnerable even if not connected to the internet.
Gigabyte is actively working on a patch to address this security issue.
