- cross-posted to:
- technology@lemmy.ml
- cross-posted to:
- technology@lemmy.ml
cross-posted from: https://feddit.de/post/721048
“While Eclypsium says the hidden code is meant to be an innocuous tool to keep the motherboard’s firmware updated, researchers found that it’s implemented insecurely, potentially allowing the mechanism to be hijacked and used to install malware instead of Gigabyte’s intended program.”
Okay, exactly how does a motherboard know how to request a file on the internet? Does it communicate with the drivers on the computer? And if so, wouldn’t the drivers be responsible for the download, not the motherboard itself?
Maybe this is just splitting hairs, but I want to understand the process
Microcontrollers can perfectly fine initiate connections and download stuff, and there’s plenty of those on a motherboard. I’m not sure if that’s also the case/flow here, but it could technically be.
Edit: Many modern UEFI BIOS’s can also initiate connections and check for updates themselves.
Does this mean that desktop computers are sending (or at least can send) your Wi-Fi passwords from the OS into the motherboard firmware? I don’t know if I want them to do this at all, but if they must, I hope it’s being done explicitly.
I just realized there was actually a linked article and… The way they actually do it seems worse.
Edit: formatting, I am learning