Gigabyte’s Firmware AutoUpdate Feature Is Rather Insecure
The Feature Is Invisible To You, But Not To Hackers
Gigabyte had good intentions in designing a feature on their motherboards that calls home on every reboot to see if there is any new firmware that could be installed automatically, without the user needing to do anything. From the Ars Technica article it seems this is not so much a BIOS update as firmware for the various features your motherboard offers, be it audio or networking. We are not big fans of computers silently phoning home, and while Gigabyte meant well, they should have included a way to disable it for users who don’t want their computer updating without their intervention.
However, there is a big problem with Gigabyte’s firmware autoupdate: it is laughably insecure and is being used to load software onto unsuspecting people’s computers. Researchers at Eclypsium discovered that the invisible updater downloads code without properly authenticating it, and even does so over plain HTTP! That gives attackers a huge attack surface, as anyone able to tamper with that unauthenticated download could dump just about any code onto a machine, with the user none the wiser.
Even worse, it is unlikely this can be fixed with an update, which leaves millions of Gigabyte motherboard owners susceptible to attack until their next motherboard upgrade:
Whenever a computer with the affected Gigabyte motherboard restarts, Eclypsium found, code within the motherboard’s firmware invisibly initiates an updater program that runs on the computer and in turn downloads and executes another piece of software.
Is that the Gigabyte Control Center they are referring to? – Because when I saw that thing pop up on first boot it 200% creeped me out. But it can be disabled in UEFI