Smith acknowledges that Gigabyte probably had no malicious or deceptive intent in its hidden firmware tool. But for me, this feels like it crosses a similar line in the firmware space.”
“I can’t speak to why Gigabyte chose this method to deliver their software. “You can use techniques that have traditionally been used by malicious actors, but that wasn’t acceptable, it crossed the line,” Smith says. Sony had hidden digital-rights-management code on CDs that invisibly installed itself on users’ computers and in doing so created a vulnerability that hackers used to hide their malware. He compares the situation to the Sony rootkit scandal of the mid-2000s. Smith has published research on firmware vulnerabilities and reviewed Eclypsium’s findings. Given the millions of potentially affected devices, Eclypsium’s discovery is “troubling,” says Rich Smith, who is the chief security officer of supply-chain-focused cybersecurity startup Crash Override. “I still think this will end up being a fairly pervasive problem on Gigabyte boards for years to come,” Loucaides says. Gigabyte did not respond to WIRED’s multiple requests for comment regarding Eclypsium’s findings.Įven if Gigabyte does push out a fix for its firmware issue-after all, the problem stems from a Gigabyte tool intended to automate firmware updates-Eclypsium’s Loucaides points out that firmware updates often silently abort on users’ machines, in many cases due to their complexity and the difficulty of matching firmware and hardware. Eclypsium says it has been working with Gigabyte to disclose its findings to the motherboard manufacturer, and that Gigabyte has said it plans to fix the issues.
0 kommentar(er)
