Two URLs use HTTPS, but the update utility doesn’t verify the HTTPS certificate that the server at the other end sends back.A manipulator-in-the-middle (MitM) through whose servers your network traffic passes can not only intercept any files that the program downloads, but also undetectably modify them along the way, for example by infecting them with malware, or by replacing them with different files altogether. One URL uses plain old HTTP, thus providing no cryptographic integrity protection during the download.Unfortunately, according to Eclypsium, it fetches and runs software from one of three hard-wired URLs, and was coded in such a way that: This GigabyteUpdateService program, it seems, does exactly what its name suggests: it acts as an automated downloader-and-installer for other Gigabyte components, listed above as apps, drivers and even the BIOS firmware itself. Services are the Windows equivalent of background processes or daemons on Unix-style systems: they generally run under a user account of their own, often the SYSTEM account, and they keep running all the time, even if you sign out and your computer is waiting unassumingly at the logon screen. NET application that is installed in the %SystemRoot%\System32 directory (your system root is usually C:\Windows), and runs automatically on startup as a Windows service. The buggy component in this APP Center ecosystem, say the researchers, is a Gigabyte program called GigabyteUpdateService.exe, a. The problem, according to Ecylpsium, is part of a Gigabyte service known as APP Center, which “allows you to easily launch all GIGABYTE apps installed on your system, check related updates online, and download the latest apps, drivers, and BIOS.” So, it’s a bit like a little-known window round the back of the building that’s forgetfully been left unlatched by mistake. The bad news is that this seems to be a legitimate feature that has been badly implemented, leaving affected computers potentially vulnerable to abuse by cybercriminals. ![]() So, it’s not like a daytime visitor knowingly unlatching a little-known window round the back of the building so they can come back under cover of darkness and burgle the joint. ![]() The good news is that this seems to be a legitimate feature that has been badly implemented, so it’s not a backdoor in the usual, treacherous sense of a security hole that’s been deliberately inserted into a computer system to provide unauthorised access in future. In fact, Eclypsium’s headline refers to it not merely as a backdoor, but all in upper case as a BACKDOOR. Researchers at firmware and supply-chain security company Eclypsium claim to have found what they have rather dramatically dubbed a “backdoor” in hundreds of motherboard models from well-known hardware maker Gigabyte.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |