Skip to main content

If you have a Gigabyte motherboard, your PC might stealthily download malware

Yet another motherboard manufacturer seems to be in trouble — or rather, the people who own those motherboards might be. According to security researchers, countless Gigabyte boards might be vulnerable to dangerous cyberattacks.

If you want to be extra safe, there are a couple of things you can do to protect your PC. Here’s what we know.

A Gigabyte Aorus Extreme motherboard.
Gigabyte

According to a report published by security company Eclypsium, many Gigabyte motherboards are at risk. Eclypsium published a full list of the models that are affected by the vulnerability, and that list alone encompasses over 270 different entries. That means that if you own a Gigabyte board, chances are that you’re affected by this too. Both AMD and Intel platforms might be compromised.

To give you a quick recap on what’s going on, Eclypsium has found a vulnerability within the firmware of those Gigabyte motherboards. Gigabyte’s own software automatically updates the firmware without further prompts, and because of that, it opens the door to potential attacks.

Get your weekly teardown of the tech behind PC gaming
Check your inbox!

The list of risks is huge, but individual users are in less danger than organizations that run multiple computers equipped with Gigabyte boards. This is because the attacker would have to be using the same network as you in order to divert the software updater to download a harmful payload instead of a new firmware update. Still, this could be dangerous and awfully difficult to get rid of. To make matters worse, out of the three possible download locations for Gigabyte’s firmware, one of them is only using a plain HTTP address instead of HTTPS, further lowering the security of the downloading process.

While this is a quite sophisticated and situational hack, if a threat actor or hacker group manages to carry out the attack, the consequences could be disastrous. Let’s go over them quickly.

For one, hackers could exploit vulnerable software built into a computer’s firmware in order to pose as a legitimate feature. From there, they could gain full access to the affected PC and network. UEFI rootkits and implants, which are a type of malware, also pose a great threat because they’re executed before your system even starts up. As such, not even reinstalling the operating system and wiping your drives clean would be enough to get rid of them.

Perhaps the worst thing of all is that the firmware download occurs during system start-up, so you’d likely be none the wiser until it would be too late. Eclypsium goes into a lot of detail in its report as to what the dangers of this vulnerability are, so make sure to read it here if you’re interested.

How to protect yourself

The front of a Project Stealth PC.
Gigabyte

Gigabyte is working with Eclypsium in order to fix this issue. The company released an official statement, saying that its engineers have already addressed the potential risks in the latest beta version of the BIOS. This means that owners of Intel 700/600 or AMD 500/400 boards could go ahead and download the update and stay safe, but using a beta version of the BIOS comes with some risks of its own. It’s unclear whether using it would affect the board warranty at this point.

Fortunately, Eclypsium has also provided a couple of fixes that can tide you over until Gigabyte clears everything up. You’ll first have to enter the BIOS. This is most commonly done by tapping the F2 or Del key over and over during the time when your PC is starting up, but if that doesn’t work, check out our guide on how to use the BIOS to see if there are any other keys you might need to mash here.

Once you’re on the options screen, navigate to the App Center Download & Install feature and disable it. This turns off automatic updates. We also recommend setting a BIOS password to add an extra layer of security.

Motherboards, in general, have had their share of troubles lately. As Gigabyte is battling this problem, Asus also finds itself in the crossfire following a huge AMD Ryzen 7000 controversy. Instead of a cybersecurity threat, users with Asus boards have found their PCs at risk of burning up.

Editors' Recommendations

Monica J. White
Monica is a UK-based freelance writer and self-proclaimed geek. A firm believer in the "PC building is just like expensive…
Security or performance? With this AMD vulnerability, you can’t have both
Render of an AMD Ryzen chip.

Recently, a cybersecurity researcher discovered a dangerous vulnerability within AMD's Zen 2 processors. Dubbed "Zenbleed," the vulnerability allows attackers to gain access to your computer and steal all of the most sensitive information, including passwords and encryption keys. While this doesn't affect AMD's best processors, it's still a dangerous vulnerability with a wide reach, as it's present in all Zen 2 CPUs, including consumer chips and data center EPYC processors. AMD has a fix on the way, but it might come at a price.

The bug was first spotted by Tavis Ormandy, a researcher working with Google Information Security, who made it public at the end of July. Since then, the researcher has also released a proof of concept code that shows how it works. This, while useful, might help attackers exploit this vulnerability until AMD comes up with a fix.

Read more
Your next smartphone might have an Intel processor — seriously
Intel Core i5-12400F box sitting in front of a gaming PC.

When you buy a smartphone today, chances are it has a processor from Apple, Qualcomm, or maybe even Samsung. But what about Intel? Yes — the same Intel that's responsible for laptop and desktop PC chips. As crazy as it may sound, that's likely happening in the very near future.

On April 12, Intel announced it's entering a "multigeneration agreement" with ARM to create mobile SoCs (systems on chips) with Intel technology. In other words, Intel is partnering with ARM to create mobile chipsets.

Read more
If you use this free password manager, your passwords might be at risk
Office computer with login asking for password and username.

Researchers have just found a flaw within Bitwarden, a popular password manager. If exploited, the bug could give hackers access to login credentials, compromising various accounts.

The flaw within Bitwarden was spotted by Flashpoint, a security analysis firm. While the issue hasn't received much -- or any -- coverage in the past, it appears that Bitwarden was aware of it all along. Here's how it works.

Read more