Article written by Condé Nast, Andy Greenberg, Shayla Love, Wired Staff, Lauren Goode, Will Knight, Matt Burgess, Justin Pot, Kim Zetter, Reece Rogers, via https://www.wired.com on 31 May 2023
Hiding malicious programs in a computer’s UEFI firmware, the deep-seated code that tells a PC how to load its operating system, has become an insidious trick in the toolkit of stealthy hackers.
But when a motherboard manufacturer installs its own hidden backdoor in the firmware of millions of computers—and doesn’t even put a proper lock on that hidden back entrance—they’re practically doing hackers’ work for them.
Researchers at firmware-focused cybersecurity company Eclypsium revealed today that they’ve discovered a hidden mechanism in the firmware of motherboards sold by the Taiwanese manufacturer Gigabyte, whose components are commonly used in gaming PCs and other high-performance computers.
Whenever a computer with the affected Gigabyte motherboard restarts, Eclypsium found, code within the motherboard’s firmware invisibly initiates an updater program that runs on the computer and in turn downloads and executes another piece of software.
And because the updater program is triggered from the computer’s firmware, outside its operating system, it’s tough for users to remove or even discover.