Millions of PCs could be targeted by hackers in firmware blunder

Sayem Ahmed
Gigabyte B660 Gaming x

PCs running on Gigabyte motherboards could be vulnerable to hackers as a UEFI firmware vulnerability has been identified on over 271 of the company’s products, potentially affecting millions.

Millions of Gigabyte-manufactured motherboards could house a significant security risk, leaving millions open to backdoor hackers. The vulnerability was first identified by cybersecurity company Eclypsium in a blog post.

Gigabyte also operates the Aorus sub-brand, which is also affected. Motherboards affected range from 8th-gen Intel systems and Zen 2 Ryzen chipsets all the way up to Intel 13th Gen and Zen 4.

The vulnerability in question lies within the Gigabyte motherboard’s UEFI firmware, which houses a function to install software on the system. The function downloads and executes software. The problem here is that Gigabyte has not secured the channel in which programs are installed via the UEFI firmware, leaving it completely open to potential hackers.

Eclypsium claims that this function is present to ensure that the motherboard’s firmware is kept up to date. However, the set of instructions that it sends is insecure, leaving users in an incredibly precarious position. The company has identified that over 271 models of Gigabyte motherboards are affected. We’ve recently heard that the hacking group Volt Typhoon is directly targeting this exact kind of attack vector to gain access to the PCs of their targets.

The good news here is that Eclypsium is directly working with Gigabyte in order to address the vulnerability, though the company has not issued any official statement at the time of writing.

There’s no easy fix

hacker black and white

According to John Loucaides, strategy, and research lead at Eclypsium stated in a Wired report that there will be no easy way to fix the vulnerability. This is due to the nature of firmware updates that can silently abort on affected machines due to their complexity.

Rich Smith, Chief Security Officer of cybersecurity firm Crash Override further states: “If you don’t have trust in your firmware, you’re building your house on sand.”

There are no reported misuses of the vulnerability

There is no evidence of misuse of the vulnerability by any malevolent actors currently. Though, it stresses the importance of security in everyone’s everyday computers and should make manufacturers think twice about user security before including similar features in their products.

Got a Gigabyte motherboard? This is what you should do next

If you are running a Gigabyte system, or have a motherboard that is affected by this vulnerability, Eclypsium has listed several things that users should take in order to minimize the risks to their systems.

  • Update to the latest software and firmware versions (Run a BIOS update)
  • Disable the Gigabyte App Center installation within your UEFI BIOS and set a BIOS password
  • Block these URLs on your network:

“http://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4”

“https://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4”

“https://software-nas/Swhttp/LiveUpdate4”

Affected Gigabyte & Aorus motherboards

Eclypsium has published a table of affected motherboards, which includes popular budget models such as the DS3H in a variety of chipsets. Do note your own motherboard’s revision when checking the full list, which can be found here.

ChipsetMotherboards
AXXXA520M-S2H-rev-1x, A620M-GAMING-X-AX-rev-10, A620M-GAMING-X-rev-10
B36XB360M-DS3H-rev-10, B365-HD3-rev-10, B365M-DS3H-rev-10
B450B450-AORUS-Elite-V2-rev-1x, B450-AORUS-M-rev-1x, B450-Gaming-X-rev-1x, B450M-AORUS-ELITE-rev-1x, B450M-DS3H-rev-1x, B450M-DS3H-V2-rev-1x, B450M-DS3H-WIFI-rev-1x, B450M-GAMING-rev-1x, B450M-H-rev-1x, B450M-K-rev-10, B450M-S2H-rev-1x
B460B460-AORUS-PRO-AC-rev-10, B460-HD3-rev-10, B460M-AORUS-PRO-rev-10, B460M-D2V-rev-10, B460M-D3H-rev-10, B460M-DS3H-AC-rev-1x, B460M-DS3H-rev-10, B460M-GAMING-HD-rev-10, B460M-POWER-rev-10
B550B550-AORUS-ELITE-AX-rev-10, B550-AORUS-ELITE-AX-V2-rev-12, B550-AORUS-ELITE-AX-V2-rev-12-13, B550-AORUS-ELITE-rev-10, B550-AORUS-ELITE-V2-rev-12, B550I-AORUS-PRO-AX-rev-10, B550I-AORUS-PRO-AX-rev-11, B550I-AORUS-PRO-AX-rev-12, B550M-AORUS-ELITE-AX-rev-13, B550M-AORUS-ELITE-rev-10-11-12, B550M-AORUS-ELITE-rev-13, B550M-AORUS-ELITE-rev-1x, B550M-AORUS-PRO-AX-rev-10, B550M-AORUS-PRO-AX-rev-11, B550M-AORUS-PRO-P-rev-10, B550M-AORUS-PRO-P-rev-11, B550M-AORUS-PRO-P-rev-12, B550M-AORUS-PRO-rev-10, B550M-DS3H-AC-rev-10-11-12-13, B550M-DS3H-AC-rev-10-11-12-13-14, B550M-DS3H-AC-rev-14, B550M-DS3H-AC-rev-15-16, B550M-DS3H-AC-rev-1x, B550M-DS3H-rev-10-11-12-13, B550M-DS3H-rev-14, B550M-DS3H-rev-15, B550M-DS3H-rev-1x, B550M-GAMING-rev-1x, B550M-K-rev-10, B550M-S2H-rev-1x
B560B560-AORUS-PRO-AX-rev-10, B560-HD3-rev-1x, B560I-AORUS-PRO-AX-rev-10, B560M-AORUS-ELITE-rev-1x, B560M-AORUS-PRO-AX-rev-1x, B560M-AORUS-PRO-rev-1x, B560M-D2V-rev-1x, B560M-D3H-rev-1x, B560M-DS3H-AC-rev-1x, B560M-DS3H-PLUS-rev-10, B560M-DS3H-V2-rev-10, B560M-GAMING-HD-rev-1x, B560M-H-rev-1x, B560M-H-V2-rev-10, B560M-POWER-rev-1x
B650B650-AERO-G-rev-10, B650-AORUS-ELITE-AX-rev-1x, B650-AORUS-ELITE-rev-10, B650-AORUS-PRO-AX-rev-1x, B650-GAMING-X-AX-rev-10-11, B650-GAMING-X-AX-rev-1x, B650-GAMING-X-rev-10, B650-GAMING-X-rev-10-11, B650E-AORUS-MASTER-rev-10, B650E-AORUS-TACHYON-rev-10, B650I-AORUS-ULTRA-rev-10, B650M-AORUS-ELITE-AX-rev-1x, B650M-AORUS-ELITE-rev-10, B650M-AORUS-PRO-AX-rev-1x, B650M-C-rev-10, B650M-DS3H-rev-10, B650M-GAMING-X-AX-rev-1x, B650M-K-rev-10
B660B660-AORUS-ELITE-AX-DDR4-rev-10, B660-AORUS-ELITE-DDR4-rev-10, B660-AORUS-MASTER-DDR4-rev-10, B660-AORUS-MASTER-DDR4-rev-1x, B660-AORUS-MASTER-rev-1x, B660-DS3H-AC-DDR4-rev-10, B660-DS3H-AC-DDR4-rev-10-12, B660-DS3H-AC-DDR4-rev-11, B660-DS3H-AC-rev-10, B660-DS3H-AX-DDR4-rev-10, B660-DS3H-AX-DDR4-rev-10-11, B660-DS3H-DDR4-rev-10, B660-DS3H-DDR4-rev-10-11, B660-GAMING-X-AX-DDR4-rev-10, B660-GAMING-X-DDR4-rev-10, B660-GAMING-X-rev-10, B660I-AORUS-PRO-DDR4-rev-1x, B660M-AORUS-ELITE-AX-DDR4-rev-10, B660M-AORUS-ELITE-AX-DDR4-rev-1x, B660M-AORUS-ELITE-DDR4-rev-10, B660M-AORUS-ELITE-DDR4-rev-1x, B660M-AORUS-PRO-AX-DDR4-rev-1x, B660M-AORUS-PRO-AX-rev-1x, B660M-AORUS-PRO-DDR4-rev-10, B660M-AORUS-PRO-rev-10, B660M-D2H-DDR4-rev-10, B660M-D3H-DDR4-rev-10, B660M-DS3H-AX-DDR4-rev-1x, B660M-DS3H-DDR4-rev-10, B660M-GAMING-AC-DDR4-rev-10, B660M-GAMING-AC-DDR4-rev-1x, B660M-GAMING-AC-rev-10, B660M-GAMING-DDR4-rev-10, B660M-GAMING-X-AX-DDR4-rev-1x, B660M-GAMING-X-AX-rev-10, B660M-GAMING-X-DDR4-rev-10, B660M-GAMING-X-DDR4-rev-1x, B660M-GAMING-X-rev-10, B660M-POWER-DDR4-rev-10
B760B760M-POWER-rev-10
H510H510M-K-rev-10, H510M-K-rev-11, H510M-S2-rev-10-11-12, H510M-S2-rev-13, H510M-S2H-rev-10, H510M-S2H-V2-rev-10, H510M-S2H-V2-rev-11, H510M-S2H-V2-rev-13, H510M-S2P-rev-10, H510M-S2P-rev-10-12
H610H610I-DDR4-rev-10, H610M-H-DDR4-rev-10, H610M-H-DDR4-rev-11, H610M-H-DDR4-rev-11-13, H610M-H-DDR4-rev-12, H610M-H-rev-10, H610M-H-V2-DDR4-rev-10, H610M-HD3P-rev-10, H610M-HD3P-rev-20, H610M-K-DDR4-rev-10, H610M-S2-DDR4-rev-10, H610M-S2-DDR4-rev-11, H610M-S2-DDR4-rev-11-13, H610M-S2-DDR4-rev-12, H610M-S2-rev-10, H610M-S2-V2-DDR4-rev-10, H610M-S2H-DDR4-rev-10, H610M-S2H-DDR4-rev-11, H610M-S2H-DDR4-rev-11-13, H610M-S2H-DDR4-rev-12, H610M-S2H-rev-10, H610M-S2H-V2-DDR4-rev-10
X570X570S-AORUS-ELITE-AX-rev-11, X570S-AORUS-ELITE-rev-10, X570S-AORUS-MASTER-rev-10, X570S-AORUS-PRO-AX-rev-10, X570S-AORUS-PRO-AX-rev-11, X570S-GAMING-X-rev-10, X570S-UD-rev-10, X570SI-AORUS-PRO-AX-rev-10, X570SI-AORUS-PRO-AX-rev-11
X670X670-AORUS-ELITE-AX-rev-10, X670-AORUS-ELITE-AX-rev-11, X670-GAMING-X-AX-rev-10, X670E-AORUS-MASTER-rev-10, X670E-AORUS-XTREME-rev-10
Z590Z590-AORUS-ELITE-AX-rev-10, Z590-AORUS-ELITE-rev-10, Z590-AORUS-MASTER-rev-10, Z590-AORUS-PRO-AX-rev-10, Z590-AORUS-TACHYON-rev-10, Z590-AORUS-ULTRA-rev-10,
Z590-D-rev-10, Z590-GAMING-X-rev-1x, Z590-UD-AC-rev-1x, Z590-UD-rev-10, Z590I-AORUS-ULTRA-rev-10
Z690Z690-AERO-D-rev-10, Z690-AERO-D-rev-1x, Z690-AERO-G-DDR4-rev-10, Z690-AERO-G-DDR4-rev-1x, Z690-AERO-G-rev-10, Z690-AERO-G-rev-1x, Z690-AORUS-ELITE-AX-DDR4-rev-10, Z690-AORUS-ELITE-AX-DDR4-rev-1x, Z690-AORUS-ELITE-AX-DDR4-V2-rev-10, Z690-AORUS-ELITE-AX-rev-10, Z690-AORUS-ELITE-AX-rev-14, Z690-AORUS-ELITE-AX-rev-1x, Z690-AORUS-ELITE-DDR4-rev-10, Z690-AORUS-ELITE-DDR4-rev-1x, Z690-AORUS-ELITE-DDR4-V2-rev-10, Z690-AORUS-ELITE-rev-10, Z690-AORUS-ELITE-STEALTH-rev-10, Z690-AORUS-MASTER-rev-10, Z690-AORUS-MASTER-rev-1x, Z690-AORUS-PRO-DDR4-rev-10, Z690-AORUS-PRO-DDR4-rev-1x, Z690-AORUS-PRO-rev-10, Z690-AORUS-PRO-rev-1x, Z690-AORUS-TACHYON-rev-10, Z690-AORUS-ULTRA-rev-10, Z690-AORUS-ULTRA-rev-1x, Z690-AORUS-XTREME-rev-10, Z690-AORUS-XTREME-WATERFORCE-rev-10, Z690-GAMING-X-DDR4-rev-10, Z690-GAMING-X-DDR4-rev-11, Z690-GAMING-X-DDR4-V2-rev-10, Z690-GAMING-X-rev-10, Z690-GAMING-X-rev-10-11, Z690-UD-AC-rev-10, Z690-UD-AX-DDR4-rev-10, Z690-UD-AX-DDR4-rev-1x, Z690-UD-AX-DDR4-V2-rev-10, Z690-UD-AX-rev-10, Z690-UD-AX-rev-1x, Z690-UD-DDR4-rev-10, Z690-UD-DDR4-rev-1x, Z690-UD-DDR4-V2-rev-10, Z690-UD-rev-10, Z690-UD-rev-1x, Z690I-AORUS-ULTRA-DDR4-rev-10, Z690I-AORUS-ULTRA-LITE-DDR4-rev-10, Z690I-AORUS-ULTRA-LITE-rev-10, Z690I-AORUS-ULTRA-PLUS-DDR4-rev-10, Z690I-AORUS-ULTRA-PLUS-rev-10, Z690I-AORUS-ULTRA-rev-10, Z690M-AORUS-ELITE-AX-DDR4-rev-10, Z690M-AORUS-ELITE-AX-DDR4-rev-1x, Z690M-AORUS-ELITE-DDR4-rev-10, Z690M-DS3H-DDR4-rev-10
Z790Z790-AERO-G-rev-10, Z790-AORUS-ELITE-AX-DDR4-rev-10, Z790-AORUS-ELITE-AX-rev-10, Z790-AORUS-ELITE-AX-rev-11, Z790-AORUS-ELITE-DDR4-rev-10, Z790-AORUS-ELITE-rev-10, Z790-AORUS-ELITE-rev-11, Z790-AORUS-MASTER-rev-10, Z790-AORUS-TACHYON-rev-10, Z790-AORUS-XTREME-rev-10, Z790-D-DDR4-rev-10, Z790-GAMING-X-AX-rev-10, Z790-GAMING-X-AX-rev-1x, Z790-GAMING-X-rev-10, Z790-UD-AC-rev-10, Z790-UD-AX-rev-10, Z790-UD-rev-10, Z790I-AORUS-ULTRA-rev-10, Z790M-AORUS-ELITE-AX-rev-10, Z790M-AORUS-ELITE-rev-10
MiscN4120I-H-rev-10, N5105I-H-rev-10, GA-B560M-D3P-rev-10, Q670M-D3H-DDR4-rev-10, W480M-VISION-W-rev-10