Gigabyte firmware bug allows installation of UEFI malware

Posted on Tuesday, Apr 04 2017 @ 13:12 CEST by Thomas De Maesschalck
Gigabyte logo
At last week's BlackHat Asia 2017 security conference, Cylance security experts demonstrated how vulnerabilities in the firmware of the Gigabyte BRIX computers can be abused to load malware into the motherboard's UEFI firmware. The danger of this type of attack is that it's very persistent and can remain undetected for a long time.

The researchers showed a proof-of-concept UEFI ransomware at the event but fortunately they've worked with Gigabyte, American Megatrends (MAI) and CERT/CC to fix the bugs in time. Gigabyte will issue updates very soon, except for devices that reached EOL:
Cylance researchers said they've identified these flaws at the start of the year, and have worked with Gigabyte, American Megatrends Inc. (AMI), and CERT/CC to fix the flaws in time.

Affected Gigabyte devices include GB-BSi7H-6500 (firmware version vF6), and GB-BXi7-5775 (firmware version vF2).

Gigabyte is expected to release firmware vF7 for GB-BSi7H-6500 devices in the upcoming days. The GB-BXi7-5775 line is not being produced anymore and has reached EOL (End Of Life), so Gigabyte won't be releasing a new firmware for this series.
Via: Bleeping Computer

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments