Gigabyte Motherboards Self-Hacked

[Newtun]

Alarming report from https://arstechnica.com/security/20...therboards-were-sold-with-a-firmware-backdoor:

Millions of PC motherboards were sold with a firmware backdoor​

Hidden code in many Gigabyte motherboards invisibly and insecurely downloads programs. ​

I built my oldest PC, about 15⅞ years ago, using a GB 965P-DS3 mobo. I assume that's too long ago for that backdoor "feature". It's still going strong, running World Community Grid research into cancer and COVID 24×7×2×100%, using a Pentium dual-core e5200, OC'ed from 2.5 to 3.2 GHz.

At the time, I thought Gigabyte was pretty reliable for consumer-grade hardware.

 

[LunarMist]

Isn't that what Intel does all the time on the management engines? And Windows is constantly spying on you and updating all kinds of crap.

 

[sedrosken]

I heard about this yesterday, and thankfully it seems mine isn't one of the models listed. For some reason either they neglected to mention any X470 parts, or the X470 parts genuinely aren't affected -- not that it matters anyway mind, since I don't run Windows and would have turned off any "smart update" feature or whatever it hooked in the first place.

Yes, Lunar, there's some controversy about the Intel Management Engine and AMD's PSP, but at the very least they keep the technical details behind those hush-hush enough that one would have the impression that they're implemented just a tad more securely.

 

[Mercutio]

Users can and probably should turn off LAN access by UEFI or disable the @App Center Download. The mitigation is fairly straightforward for people comfortable enough to get in to the firmware interface.

 

[Will Rickards]

Mine had a firmware update but I think it just added an option in the bios to disable the app center thing.