The Characteristic Is Invisible To You, However Not To Hackers
Gigabyte had good intentions designing a characteristic on their motherboards that calls residence each reboot to see if there may be any new firmware which may very well be put in mechanically and with out the consumer needing to do something. From the Ars Technica article it looks like this isn’t a lot a BIOS replace however firmware for the varied options your motherboard gives, be it audio or networking. We’re not huge followers of computer systems silently phoning residence, and whereas Gigabyte meant properly they need to have included a option to disable it for customers that don’t need their laptop updating with out their intervention.
Nonetheless there’s a huge drawback with Gigabyte’s firmware autoupdate, it’s laughably insecure and is getting used to load software program onto unsuspecting individuals’s computer systems. Researchers at Eclypsium found the invisible updater downloads code with out correctly authenticating it, and even does it over HTTP! That provides attackers an enormous assault floor, as they may dump nearly any code onto a machine, with the consumer none the wiser.
Even worse, it’s unlikely this may be mounted with an replace which leaves tens of millions of Gigabyte motherboard house owners vulnerable to assault till their subsequent motherboard improve,
Discussion about this post