BeeBright/Getty Images
Hiding malicious programs in a computer’s UEFI firmware, the entrenched code that tells a PC how to load its operating system, has become an insidious trick in the toolkit of stealthy hackers. But when a motherboard manufacturer installs its own hidden back door into the firmware of millions of computers — and doesn’t even put a proper lock on that hidden back door — they’re practically doing hackers’ work for them.
Researchers at firmware-focused cybersecurity firm Eclypsium revealed today that they have uncovered a hidden mechanism in the firmware of motherboards sold by Taiwanese manufacturer Gigabyte, the components of which are commonly used in gaming PCs and other high-performance computers. Whenever a computer with the affected Gigabyte motherboard reboots, Eclypsium found, code in the motherboard’s firmware invisibly launches an update program that runs on the computer and in turn downloads and runs another piece of software.
While Eclypsium says the hidden code is intended as a harmless tool to keep the motherboard’s firmware up to date, researchers found it was implemented insecurely, potentially allowing the mechanism to be hijacked and used to install malware instead of Gigabyte’s intended program. And because the updater is triggered from within the computer’s firmware, outside of the operating system, it is difficult for users to remove or even discover it.
“If you have one of these machines you have to worry about the fact that it’s basically pulling something from the internet and running it without you involved, and it didn’t do any of this securely,” says John Loucaides, head of strategy and research at Eclypsium. “The concept of going under the end user and taking over their machine doesn’t sit well with most people.”
In its blog post about the investigation, Eclypsium lists 271 models of Gigabyte motherboards that researchers say are affected. Loucaides adds that users who want to see which motherboard their computer is using can check by going to “Start” in Windows, then “System Information.”
