Gigabyte Rolls Out Firmware Update to Mend Firmware Backdoor

By Zhiye Liu
published

New firmware places stricter security measures in place.

X670E Aorus Xtreme
X670E Aorus Xtreme (Image credit: Gigabyte)

In a quick response to the recently uncovered firmware backdoor in over 250 models of Gigabyte motherboards, the company has launched new beta firmware that mitigates the potential security risk. Unfortunately, the list encompasses new and old motherboards from a few years ago, hence Gigabyte's urgent reaction to patching things up. Today, consumers can download the updated firmware for their affected Intel and AMD motherboards at Gigabyte's official website.

Gigabyte didn't provide in-depth details on the new firmware. However, the manufacturer has seemingly implemented stricter security controls during the boot process. According to Gigabyte, the improved security mechanisms will detect and prevent malicious activities during the boot process.

As a quick recap, the updater program resides inside the motherboard's firmware, so it's a sensitive subject. It's not like you can uninstall the program from the Control Panel or delete the process manually. Unless the option is manually disabled inside the firmware, the program automatically copies itself to the operating system and calls home Gigabyte's remote servers to check for new firmware once fully loaded. Wouldn't it be ironic if the updater program pushed the latest firmware to Gigabyte motherboards? The program with the potential vulnerability is also the same one that delivers the fix.

It would appear that Gigabyte has also made some significant changes on the end of the remote servers. For example, the vendor has enhanced the signature verification process for files downloaded from the company's remote servers. In addition, it conducts a more thorough check of the integrity of the files to prevent cyber criminals from inserting their malicious code to infect users' systems with malware.

On the other hand, Gigabyte has enabled standard cryptographic verification of remote server certificates. This should help improve the privilege access limitations. Why Gigabyte didn't previously have this feature activated in the first place is beyond us.

Owners of Intel 700-and 600-series motherboards and AMD 500-and 400-series motherboards will get first dibs on the new firmware. Corresponding firmware updates for Intel 500-and 400-series motherboards and AMD 600-series motherboards will be available on their respective product pages later today. The description of the new firmware reads: "Addresses Download Assistant Vulnerabilities Reported by Eclypsium Research."

Gigabyte wants to assure owners of older motherboards that the company hasn't forgotten about them. The company has prepared new firmware for previously launched motherboards that will be available later today.

Zhiye Liu
Zhiye Liu
RAM Reviewer and News Editor

Zhiye Liu is a Freelance News Writer at Tom’s Hardware US. Although he loves everything that’s hardware, he has a soft spot for CPUs, GPUs, and RAM.

10 Comments Comment from the forums
  • Metal Messiah.
    Hiding malicious programs in a computer’s UEFI firmware has become a cunning trick lately in the toolkit of stealthy hackers.

    But when a motherboard vendor installs its own hidden backdoor in the firmware of millions of systems, and doesn’t even put a proper lock on that hidden back entrance, then they’re practically doing hackers’ work for them.
    Reply
  • peachpuff
    Metal Messiah. said:
    But when a motherboard vendor installs its own hidden backdoor
    Its an updater not a backdoor.
    Reply
  • toffty
    peachpuff said:
    Its an updater not a backdoor.
    If we're being super pedantic, you're correct.
    If we're talking about the end result, this updater is a backdoor with a rusty pad lock on it.
    Reply
  • helper800
    peachpuff said:
    Its an updater not a backdoor.
    Too-may-toe, too-mah-toe.
    Reply
  • Alvar "Miles" Udell
    Considering AMD boards do not have the best track record with hurriedly released beta bios, I think I'll wait until it's properly tested and just leave the useless Gigabyte App Center option disabled, as it should be anyway.
    Reply
  • peachpuff
    toffty said:
    If we're being super pedantic, you're correct.
    If we're talking about the end result, this updater is a backdoor with a rusty pad lock on it.
    Let me know when you can get past that rusty padlock, i'll wait.
    Reply
  • toffty
    peachpuff said:
    Let me know when you can get past that rusty padlock, i'll wait.
    The article itself already listed easy-to-setup ways to break that lock ;)
    Heck you can do it right now with your router if you'd like and hijack yourself! Just edit the routing table.
    Reply
  • setx
    peachpuff said:
    Let me know when you can get past that rusty padlock, i'll wait.
    And why should he tell you? This information can be sold for serious money.
    One firm being responsible with alerting public doesn't mean others would follow. That is the main problem with such vendor backdoors.

    Also very annoying for such "features" is that they automatically turn on after each BIOS update, you can't just once disable it and forget.
    Reply
  • Psiboy69
    Admin said:
    New firmware to mitigate the recently discovered backdoor in over 250 Gigabyte AMD and Intel motherboard models is now available for download.

    Gigabyte Rolls Out Firmware Up to Mend Firmware Backdoor : Read more
    I own 2 x b550 gigabyte boards no update yet, neither of which have the option in the bios to turn of the updater. So maybe chrck all the boards pages before parotting Gigabyte's lies! (Aorus master and Aorus Pro ax) I also have the Aorus x570s Aorus Pro AX which already had the option to disable the updater in the bios (which I'd already done) but they have rushed out a bios for that one! Probably removes the ability to turn it off so they can stick it where the sun don't shine!
    Reply
  • SpeedracerXT
    Odd, can't flash the new BIOS on my AORUS Z590 Master - 'BIOS ID check error' every time.
    Reply