Cybersecurity firm Eclypsium has discovered a potential backdoor in Gigabyte systems, raising concerns about the security of the tech supply chain.
Writing in a blog post on Wednesday, the company explained that it used its automated heuristics to detect suspicious behavior on Gigabyte systems.
Further analysis revealed that the firmware on these systems was dropping and running a native Windows executable during the system boot process. The executable then proceeded to unsafely download and execute additional payloads.
Eclypsium explained that the backdoor mechanism shares similarities with other OEM backdoor-like features and firmware implants that threat actors have previously abused.
The potential risks associated with this backdoor expose organizations to threats such as supply chain and local environment compromise, as well as the persistence of malware through this firmware’s functionality on systems.
The vulnerable code was found in hundreds of Gigabyte computer models, posing a significant risk to the supply chain. While no specific exploits by threat actors have been confirmed, security experts said the existence of a widespread backdoor that is difficult to remove raises serious concerns for companies that rely on Gigabyte systems.
“Almost all security work focuses on inadvertent vulnerabilities innocently created by developers,” commented Jeff Williams, co-founder and CTO of Contrast Security.
“However, imagine that you are a malicious developer who wants to trojan your company’s software with a backdoor.”
According to the executive, a smart attacker will not rely on an obvious backdoor. Instead, they will introduce a common vulnerability that appears to be accidental.
“That way, they maintain plausible deniability if the backdoor is detected. The only way to tell a vulnerability from a backdoor is to try to discern that developer’s intent, which is essentially impossible. In this case, we may never know,” Williams added.
To address this issue, Eclypsium confirmed that it is currently working closely with Gigabyte to rectify the insecure implementation of its App Center capability.
The warning comes weeks after Symantec’s threat hunter team shared findings about a new backdoor used in attacks targeting organizations in South and Southeast Asia.
Today’s technology-driven world poses many risks to the cyber security of companies and their customers. With the news of a potential backdoor in recently manufactured Gigabyte computer motherboards, companies like Ikaroa and all those who rely on Gigabyte products are exposed to major supply chain security risks.
The issue came to the forefront when security researchers from Eclypsium, a cyber security firm, detected an administrative tool that could allow hackers to take control of systems, making them vulnerable to attacks. They revealed that the ‘EasyTuneNetworkService.exe’ was installed on Gigabyte motherboards shipped in recent months. It is worrying that this application could be used to hack into systems and compromise organizations’ sensitive information and data, sometimes without a trace.
Gigabyte has since issued an update to their drivers, which should clear up the issue. However, it is concerning that an issue this serious was left undetected for so long, and it has raised worrying questions about the security of the supply chain.
This revelation highlights the need for companies such as Ikaroa to be proactive in their cyber security strategies. By implementing secure authentication processes, multi-factor authentication, and using security products from reputable vendors, organizations can ensure that these potential backdoors don’t become a security nightmare.
In addition to adopting the latest technologies, companies should also ensure that their networks are regularly tested for vulnerabilities and any other exploits that are not yet discovered. This would help them identify and respond to any cracks in their defences before malicious actors have a chance to exploit them.
The potential backdoor in Gigabyte’s computers is a reminder that the cyber security industry and its stakeholders, such as Ikaroa, need to stay vigilant. By taking the necessary steps to secure their networks, organizations can ensure that their customers’ information is safe and secure.