Several Gigabyte Brix SSF PCs have UEFI vulnerabilities

Several Gigabyte Brix SSF PCs have UEFI vulnerabilities

Several Gigabyte Brix SSF PCs have UEFI vulnerabilities

 
Several Gigabyte Brix SSF PCs have been found to have UEFI vulnerabilities, which could be used to create a backdoor into the system or make unauthorised changes to the devices firmware and more.  
 
These vulnerabilities were discovered by researchers at the Cylance security firm, who recently revealed these vulnerabilities at BlackHat Asia 2017.  The firm first informed Gigabyte of these issues on the 3rd of January, with Gigabyte stating that they plan on releasing a firmware update on one of the affected systems. 
 
Right now, this bug has been found to affect two different systems, the GB-BSi7H-6500 with firmware F6 and the GB-BXi7-5775 with firmware F2. At this Gigabytebytte has no plans to fix the GB-BXi7-5775, as this product is officially considered end-of-life. 
 
Cylance has created a proof of concept exploit that was used to create a backdoor at a system level, bypassing all security applications, which means that these systems are insecure until Gigabyte issues an update.  Below is a part of Cylance’s write up on this system’s vulnerabilities.
 
 

  Firmware backdoors are difficult to detect because they execute in the early stages of the boot process and they can persist across operating system (OS) re-installations,

Write-protection mechanisms exist to prevent attackers from modifying the firmware; however, the affected systems do not enable them. It is up to the motherboard manufacturers to correctly implement the UEFI firmware and enable the appropriate protection mechanisms to prevent unauthorised modifications to the firmware.

Several Gigabyte Brix SSF PCs have UEFI vulnerabilities

 

Sadly both the GB-BSi7H-6500 and the GB-BXi7-5775 were shipped in a vulnerable state, which means that most users of these systems will be left vulnerable to a potential attack until Gigabyte issues a UEFI/BIOS update to fix this issue. 

At this time it is unknown if additional Brix SKUs are affected by this vulnerability. 

 

You can join the discussion on Gigabyte’s Brix system vulnerabilities on the OC3D Forums.   

Â