Gigabyte’s Firmware AutoUpdate Feature Is Rather Insecure

The Feature Is Invisible To You, But Not To Hackers

Gigabyte had good intentions when designing a feature on their motherboards that phones home on every reboot to see if there is any new firmware that can be installed automatically, without the user needing to do anything. From the Ars Technica article it seems this isn’t so much a BIOS update as firmware for the various features your motherboard offers, be it audio or networking. We aren’t big fans of computers silently phoning home, and while Gigabyte meant well they should have included a way to disable it for users who don’t want their computer updating without their intervention.

However, there is a big problem with Gigabyte’s firmware autoupdate: it’s laughably insecure and is being used to load software onto unsuspecting people’s computers. Researchers at Eclypsium discovered that the invisible updater downloads code without properly authenticating it, and even does it over HTTP! That gives attackers a huge attack surface, as they could dump almost any code onto a machine, with the user none the wiser.
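For anyone watching a network with affected boards on it, the plaintext download is the part that shows up in proxy logs. The sketch below is an added example, not code from Eclypsium or Gigabyte; the log format, host names and paths are constructed placeholders, and it simply reports which clients fetched executable-looking content over unencrypted HTTP.

```python
from urllib.parse import urlsplit

# Constructed sample proxy log (not real traffic). Assumed line format:
# timestamp|client_ip|method|url|content_type
SAMPLE_LOG = """\
2023-06-01T08:00:02Z|10.0.0.21|GET|http://updates.vendor.example/fw/agent.exe|application/octet-stream
2023-06-01T08:00:05Z|10.0.0.21|GET|https://updates.vendor.example/fw/agent.exe|application/octet-stream
2023-06-01T08:01:10Z|10.0.0.34|GET|http://news.example/index.html|text/html
2023-06-01T08:02:44Z|10.0.0.34|GET|http://cdn.example/drivers/audio.bin?v=2|application/x-msdownload
malformed line without separators
"""

# File suffixes and MIME types that suggest code rather than a web page.
EXEC_SUFFIXES = (".exe", ".dll", ".sys", ".bin", ".cab", ".msi", ".efi")
EXEC_TYPES = {
    "application/octet-stream",
    "application/x-msdownload",
    "application/vnd.microsoft.portable-executable",
}


def parse_line(line):
    """Return a record dict, or None if the line is not in the assumed format."""
    parts = line.strip().split("|")
    if len(parts) != 5:
        return None
    ts, client, method, url, ctype = parts
    return {"ts": ts, "client": client, "method": method, "url": url, "ctype": ctype}


def is_plaintext_code_fetch(rec):
    """True when executable-looking content was requested over http://."""
    url = urlsplit(rec["url"])
    if url.scheme.lower() != "http":
        return False  # TLS-protected fetches are out of scope for this check
    mime = rec["ctype"].split(";")[0].strip().lower()
    return url.path.lower().endswith(EXEC_SUFFIXES) or mime in EXEC_TYPES


def find_plaintext_code_fetches(log_text):
    """Map each client IP to the code-like URLs it fetched without TLS."""
    hits = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["method"] == "GET" and is_plaintext_code_fetch(rec):
            hits.setdefault(rec["client"], []).append(rec["url"])
    return hits


if __name__ == "__main__":
    for client, urls in find_plaintext_code_fetches(SAMPLE_LOG).items():
        print(client, urls)
```

A hit only shows that code travelled without transport protection; whether the client verified it afterwards has to be checked on the endpoint.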

Even worse, it’s unlikely this will be fixed with an update, which leaves millions of Gigabyte motherboard owners vulnerable to attack until their next motherboard upgrade,