Hidden Firmware Backdoor: Gigabyte Motherboards Undermine User Trust and Security

Summary

In May 2023, firmware security firm Eclypsium disclosed a hidden mechanism embedded in the UEFI firmware of 271 Gigabyte motherboard models that effectively functioned as a backdoor. The code, intended to facilitate automatic firmware updates from Gigabyte's servers, downloaded and executed files during the system boot process without sufficient security verification, exposing an estimated 7 million devices to potential exploitation.

Researchers warned that malicious actors with knowledge of the mechanism could intercept the download process through man-in-the-middle attacks or compromise Gigabyte's own servers to push malware directly onto affected machines. Gigabyte responded by releasing updated firmware that added cryptographic signature verification. Users were also advised to disable the APP Center Download & Install feature in BIOS settings and set a BIOS password as interim mitigations.