Click to Skip Ad
Closing in...

Gigabyte shipped millions of motherboards with a dangerous firmware backdoor

Published Jun 1st, 2023 5:44PM EDT
Gigabyte motherboards contain a dangerous backdoor.
Image: Gigabyte

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

According to cybersecurity experts from Eclypsium, computer hardware manufacturer Gigabyte installed a backdoor in the firmware of its motherboards, putting 271 motherboard models at risk of being hacked. The lengthy list of affected models features nearly every motherboard Gigabyte has put out in recent years, including the latest Z790 and X670 units.

As Eclypsium’s blog explains, Gigabyte embedded a Windows executable into the firmware of its motherboards that runs when the computer boots up. In other words, every time you reboot your computer, code in the motherboard’s firmware initiates Gigabyte’s app center, which downloads and runs an executable payload from the internet.

“The firmware does not implement any cryptographic digital signature verification or any other validation over the executables,” Eclypsium warns. “The dropped executable and the normally-downloaded Gigabyte tools do have a Gigabyte cryptographic signature that satisfies the code signing requirements of Microsoft Windows, but this does little to offset malicious use […] As a result, any threat actor can use this to persistently infect vulnerable systems either via MITM (machine-in-the-middle attacks) or compromised infrastructure.”

If you aren’t sure which motherboard your PC has, you can check by going to Start > Windows Tools > System Information. Look for “BaseBoard Manufacturer” and “BaseBoard Product.” If the product you see is on the list, you might want to take action.

Here are a few recommendations from Eclypsium to minimize risk:

Eclypsium is currently working with Gigabyte to address this backdoor implementation.

Jacob Siegal
Jacob Siegal Associate Editor

Jacob Siegal is Associate Editor at BGR, having joined the news team in 2013. He has over a decade of professional writing and editing experience, and helps to lead our technology and entertainment product launch and movie release coverage.