- cross-posted to:
- technology@lemmy.ml
- cross-posted to:
- technology@lemmy.ml
cross-posted from: https://feddit.de/post/721048
“While Eclypsium says the hidden code is meant to be an innocuous tool to keep the motherboard’s firmware updated, researchers found that it’s implemented insecurely, potentially allowing the mechanism to be hijacked and used to install malware instead of Gigabyte’s intended program.”
Millions of Gigabyte modems
They’re called Petabyte modems, SMH
Okay, exactly how does a motherboard know how to request a file on the internet? Does it communicate with the drivers on the computer? And if so, wouldn’t the drivers be responsible for the download, not the motherboard itself?
Maybe this is just splitting hairs, but I want to understand the process
Microcontrollers can perfectly fine initiate connections and download stuff, and there’s plenty of those on a motherboard. I’m not sure if that’s also the case/flow here, but it could technically be.
Edit: Many modern UEFI BIOS’s can also initiate connections and check for updates themselves.
Does this mean that desktop computers are sending (or at least can send) your Wi-Fi passwords from the OS into the motherboard firmware? I don’t know if I want them to do this at all, but if they must, I hope it’s being done explicitly.
I just realized there was actually a linked article and… The way they actually do it seems worse.
Eclypsium automated heuristics detected firmware on Gigabyte systems that drops an executable Windows binary that is executed during the Windows startup process.
This executable binary insecurely downloads and executes additional payloads from the Internet.
Edit: formatting, I am learning
Disable it using registry edit:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager] "DisableWpbtExecution"=dword:00000001