
“I still think this will end up being a fairly pervasive problem on Gigabyte boards for years to come,” Loucaides says. Release notes accompanying the update state that it "addresses download assistant vulnerabilities" uncovered by Eclypsium.

Even now that Gigabyte has pushed out a fix for its firmware issue (after all, the problem stems from a Gigabyte tool intended to automate firmware updates), Eclypsium’s Loucaides points out that firmware updates often silently abort on users’ machines, in many cases due to their complexity and the difficulty of matching firmware and hardware.

According to Gigabyte, that code is now cryptographically signed and verified, "thwarting any attempts by attackers to insert malicious code," and the server it is downloaded from is also authenticated with a cryptographic certificate. But a day after Eclypsium revealed the firmware issue, Gigabyte announced updates to its firmware with "enhanced verification" of the code its updater program downloads to machines that use its motherboards.

Gigabyte did not respond to WIRED’s multiple requests for comment regarding Eclypsium’s findings.
