Researchers at cybersecurity company Eclypsium have discovered a hidden mechanism in the firmware of Gigabyte motherboards that could potentially be hijacked by hackers to install malware. The mechanism, designed to update the motherboard’s firmware, is implemented insecurely, allowing unauthorized code execution.
Why it matters: Eclypsium identified 271 models of Gigabyte motherboards that are affected by this vulnerability. Gigabyte has been notified of the issue, but even if a fix is released, it may not be effectively applied due to the complexities of firmware updates, potentially leaving affected devices vulnerable for years to come.
- The firmware of Gigabyte motherboards contains a hidden mechanism that could be exploited by hackers to install malicious software.
- The insecure implementation of the firmware mechanism allows unauthorized code execution, putting users at risk.
- “If you have one of these machines, you have to worry about the fact that it’s basically grabbing something from the internet and running it without you being involved, and hasn’t done any of this securely,” says John Loucaides, who leads strategy and research at Eclypsium.
