DaemonForums  

  #1   (View Single Post)  
Old 31st May 2023
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default Millions of PC Motherboards Were Sold With a Firmware Backdoor

From https://www.wired.com/story/gigabyte...ware-backdoor/:
Quote:
Researchers at firmware-focused cybersecurity company Eclypsium revealed today that they’ve discovered a hidden mechanism in the firmware of motherboards sold by the Taiwanese manufacturer Gigabyte, whose components are commonly used in gaming PCs and other high-performance computers. Whenever a computer with the affected Gigabyte motherboard restarts, Eclypsium found, code within the motherboard’s firmware invisibly initiates an updater program that runs on the computer and in turn downloads and executes another piece of software.

While Eclypsium says the hidden code is meant to be an innocuous tool to keep the motherboard’s firmware updated, researchers found that it’s implemented insecurely, potentially allowing the mechanism to be hijacked and used to install malware instead of Gigabyte’s intended program. And because the updater program is triggered from the computer’s firmware, outside its operating system, it’s tough for users to remove or even discover.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
  #2   (View Single Post)  
Old 22nd October 2023
cohumat cohumat is offline
Port Guard
 
Join Date: Oct 2023
Posts: 17
Default

This just goes to show the lack of quality control that these big businesses engage in in order to beat their competitors to market with their latest and greatest gadgetry. As the old adage states, an ounce of prevention prevents a pound of cure, so roughly translated into the technology services and hardware realm of our rapidly changing and technology-dependent society: an ounce of quality control prevents a pound of recalls and public relations headaches.
__________________
Kindly You Buddy,

Chip
EM:firedolphin8858@gmx.us
  #3   (View Single Post)  
Old 22nd October 2023
jmccue jmccue is offline
Real Name: John McCue
Package Pilot
 
Join Date: Aug 2012
Location: here
Posts: 167
Default

Quote:
Hiding malicious programs in a computer’s UEFI firmware
From that quote, I guess it is active if you use UEFI. So far I have been able to avoid it and hope to continue that tradition.
__________________
[t]csh(1) - "An elegant shell, for a more... civilized age."
- Paraphrasing Star Wars (tvtropes.org)
  #4   (View Single Post)  
Old 24th October 2023
blackhole blackhole is offline
Spam Deminer
 
Join Date: Mar 2014
Posts: 316
Default

It is not a "quality control" problem per se...

"...the hidden code is meant to be an innocuous tool to keep the motherboard’s firmware updated, researchers found that it’s implemented insecurely, potentially allowing the mechanism to be hijacked..."

That is a hideous and unforgivable problem in the design. Motherboard firmware should not be updated using that kind of mechanism.