Cybersecurity experts from Eclypsium clarified A vulnerability in the firmware of 271 Gigabyte motherboard models that could allow attackers to inject malicious code into the system.
The source of the vulnerability is the firmware update software that Gigabyte integrates into its products. This software automatically checks and downloads the latest firmware from the internet every time the system is started. However, according to Eclypsium, this process lacks proper security and authentication mechanisms, making it vulnerable to attacks.
In addition, firmware update software can use local NAS storage as an update source, which can also be used by attackers to replace real firmware with fake firmware. Thus, malicious code that can give hackers full control over the system can be downloaded and executed at the motherboard firmware level.
Eclypsium has reported a security vulnerability for Gigabyte. The companies are already collaborating to develop a fix. For now, Gigabyte motherboard users are advised to disable “APP Center Download and Install” in the firmware settings, set a BIOS-level password, and block access to the three sites the software uses to update firmware.
Former cyber expert Bederov saidNSA virus on iPhone can only be detected by Internet traffic.