Gigabyte Motherboards have a back door in their BIOS

Not seen this discussed here yet, but researchers have discovered that Gigabyte have embedded a backdoor into the BIOS of their motherboards that allows them to remotely update them. But they left this back door unsecured, relying on the fact it is hidden as the only form of security.

They were my trusted brand, but they are going to get their @sses sued in America for this, plus they will have to release updates for every motherboard out there to try and resolve this.

 
I'd be unsurprised if Gigabyte Control Centre didn't have a few security nasties as well with the way it phones home, etc.

I highly doubt they are the only brand which has stuff like this either.
 
Did notice the "gigabyte update service" running on first install, disabled it shortly in BIOS.
But I thought that it was Windows doing the heavy lifting, and Gigabyte BIOS only telling it there is a "new device" that needs to download the update service.
Apparently it's the BIOS installing the executable directly.

Sloppy.
 
I just went into my bios and disabled it.
It was in 'settings - IO Ports' and was called something along the lines of "Gigabyte updater app"

It's enabled by default, disabling this should make you safe
 
Yeah I did that as soon as I got my board, it was annoying enough already but now it's unsafe and annoying.

E: Glad you put the instructions down I couldn't remember where on earth it was. I think that applies to most boards although some of the newer ones have it elsewhere if I heard right.
 
I don't think it was widely known about, but it's not the first time this has been noticed. For example:

https://www.reddit.com/r/gigabyte/comments/106d9ns/gigabyte_control_center_prompt_to_install_every/
https://answers.microsoft.com/en-us...ox-on-my/7573ba3f-e9cf-4409-ab28-bb3a486ae8e8

or even:

https://forums.overclockers.co.uk/threads/gigabyte-x570-aorus-master-owners.18877314/post-34891072

But I guess what's new (but depressingly unsurprising) is how badly it was implemented.

I find it depressing - I used to be a Gigabyte fan but these days they just seem to slap any old **** together and ship it :( the GCC is a bloated POS with likely a bunch of security holes, definitely doing some undesirable telemetry stuff and at times impacts on performance of the system.
 
TBH they all have this nowadays. ASUS has an option in the BIOS to enter your ASUS account details into the BIOS, save you logging in when the PC has booted, and it also has an option to download and install Armoury Crate.

MSI have an option in the bios to auto download Dragon Centre.

Gigabyte have the option to download and install the Gigabyte bloatware app

They are all just that in my eyes, "Bloatware" that you don't need, so on every board I've had (currently Asus, previously Gigabyte and MSI) I've disabled that option in the BIOS.
 
I thought I read an article first thing this morning which covered this mentioning ASUS as well, though I can't find it, so may have misread. But Tom's Hardware have an article up now saying Gigabyte now have a firmware update available. Regardless, all pretty bs, and all the board makers' software is poop.
 
Yes first thing I did was disable the app install prompt in the BIOS and never installed any Gigabyte software either. So no issues but just knowing there's a back door left unsecured waiting to be potentially exploited by someone assuming your WAN<>LAN config is also open, then that's just asking for trouble.

EDIT*

They have already released BIOS updates to fix the issue:

That's my board, guess I am updating the BIOS then sigh!

Also, note that lots of other board vendors have a similar feature, MSI, ASUS to name a couple. If you've always turned it off in the BIOS when doing a new build or installing a new BIOS version, then you wouldn't be affected anyway, which I hope is at least 90% of this forum anyway...
 
Yea, a bios update is out for my board too

Not sure I'll bother updating though, it's turned off anyway
 
Yeah I cba faffing about copying all my settings to restore to etc so until a need is there such as upgrading CPU to something newer which is only supported by a new BIOS, then I won't bother either tbh.
 
One of the problems is Gigabyte has no system in place to even attempt to verify what it has downloaded is the legit Gigabyte software before executing it, though I'd be unsurprised if some of the other brands don't have similar weaknesses and in fact both Asus and Gigabyte have had similar issues with firmware or drivers before.

One of the more worrying ones would be if anyone cracked the Intel Management Engine completely exposing it in some way online - it would be absolutely catastrophic.
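
The missing step described in the post above (checking that a downloaded file is genuine before running it), as an added example that is not part of the thread and not any vendor's code. The `Manifest` format, the file name and the keys are hypothetical and the sample data is constructed; a real client would ship only the pinned public key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Manifest is a hypothetical signed description of one downloadable payload.
type Manifest struct {
	Name, SHA256 string // file name and hex SHA-256 of the payload
	Sig          []byte // Ed25519 signature over Name + "\n" + SHA256
}

func (m Manifest) signedBytes() []byte { return []byte(m.Name + "\n" + m.SHA256) }

func digest(b []byte) string { s := sha256.Sum256(b); return hex.EncodeToString(s[:]) }

// VerifyPayload returns nil only when the manifest carries a valid signature
// from the pinned vendor key AND the payload matches the signed digest.
func VerifyPayload(pinned ed25519.PublicKey, m Manifest, payload []byte) error {
	if !ed25519.Verify(pinned, m.signedBytes(), m.Sig) {
		return errors.New("manifest signature invalid")
	}
	if digest(payload) != m.SHA256 {
		return errors.New("payload digest mismatch")
	}
	return nil
}

// Demo runs three constructed cases: genuine, swapped payload, re-signed manifest.
func Demo() (genuine, swapped, resigned error) {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(nil) // stands in for the vendor key
	_, otherPriv, _ := ed25519.GenerateKey(nil)          // a key the client does not trust
	good, bad := []byte("constructed updater v1"), []byte("constructed altered file")

	m := Manifest{Name: "updater.bin", SHA256: digest(good)}
	m.Sig = ed25519.Sign(vendorPriv, m.signedBytes())

	forged := Manifest{Name: "updater.bin", SHA256: digest(bad)}
	forged.Sig = ed25519.Sign(otherPriv, forged.signedBytes())

	return VerifyPayload(vendorPub, m, good), VerifyPayload(vendorPub, m, bad),
		VerifyPayload(vendorPub, forged, bad)
}

func main() {
	fmt.Println(Demo())
}
```

Only the first case returns nil; the updater should refuse to write or execute anything for which `VerifyPayload` returns an error.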
 