Gigabyte Firmware Flaws Allow the Installation of UEFI Ransomware

Gigabyte Firmware Flaws Allow the Installation of UEFI Ransomware

By | April 9th, 2017
No Comments on Gigabyte Firmware Flaws Allow the Installation of UEFI Ransomware

Cylance researchers said they've identified these flaws at the start of the

year, and have worked with Gigabyte, American Megatrends Inc. (AMI), and

CERT/CC to fix the flaws in time.


														
							

Researchers from cyber-security firm Cylance at the BlackHat Asia 2017 security conference  disclosed two vulnerabilities in the firmware of Gigabyte BRIX small computing devices, which allow an attacker to write malicious content to the UEFI firmware.

During their presentation, researchers installed a proof-of-concept UEFI ransomware, preventing the BRIX devices from booting, but researchers say the same flaws can be used to plant rootkits that allow attackers to persist malware for years.

Affected Gigabyte devices include GB-BSi7H-6500 (firmware version vF6), and GB-BXi7-5775 (firmware version vF2).

Gigabyte is expected to release firmware vF7 for GB-BSi7H-6500 devices in the upcoming days. The GB-BXi7-5775 line is not being produced anymore and has reached EOL (End Of Life), so Gigabyte won’t be releasing a new firmware for this series.

Gigabyte is expected to release firmware vF7 for GB-BSi7H-6500 devices in the upcoming days. The GB-BXi7-5775 line is not being produced anymore and has reached EOL (End Of Life), so Gigabyte won’t be releasing a new firmware for this series.

[Source]

Google
Nisheeth Bhakuni