Hackers have been using a computer’s UEFI firmware, the hidden code that instructs a PC on how to boot its operating system, for years to infiltrate computers worldwide.
When a motherboard manufacturer installs its own hidden backdoor in the firmware of millions of computers, they are essentially doing the hackers’ job for them.
Researchers from cybersecurity company Eclypsium have revealed today that they have discovered a hidden mechanism in the firmware of motherboards sold by Taiwanese manufacturer Gigabyte. This brand is commonly found in gaming computers.
According to Eclypsium, every time a computer with the affected Gigabyte motherboard is restarted, a firmware code initiates an invisible updater program that runs on the computer and, in turn, downloads and executes additional software.
While Eclypsium claims that the hidden code is intended to be a harmless tool for keeping the motherboard firmware up to date, researchers discovered that it is implemented in an insecure manner, potentially allowing the mechanism to be hijacked and used to install malware instead of the intended program by Gigabyte.
Since the updater program is activated from the computer’s firmware, outside of its operating system, it is difficult for users to remove or even detect. Here’s how you can find out which motherboard you have.
In their blog post about the investigation, Eclypsium lists 271 models of Gigabyte motherboards that, according to the researchers, are affected. Loucaides adds that users who want to check which motherboard their computer is using can do so by going to “Start” in Windows and then selecting “System Information.”
Eclypsium states that they discovered Gigabyte’s hidden firmware mechanism while tracking customers’ computers for firmware-based malicious code, which is becoming increasingly common among sophisticated hackers. Take a look, just to make sure you haven’t been inadvertently hacked…
Some of the links added in the article are part of affiliate campaigns and may represent benefits for Softonic.