
Nasty BIOS bug slugs Gigabyte, hackers say


7 replies to this topic

#1 JohnC_21


Posted 06 July 2016 - 07:30 AM

Gigabyte has been swept into turmoil surrounding low-level security vulnerabilities that allow attackers to kill flash protection, secure boot, and tamper with firmware on PCs by Lenovo and other vendors.

Unconfirmed reports suggest the hardware vendor has used the "ThinkPwn" vulnerable code, thought to be born of Intel reference code, on four of its motherboards: Z68-UD3H, Z77X-UD5H, Z87MX-D3H, and Z97-D3H.

Researcher Dmytro Oleksiuk revealed the vulnerabilities in a post to Github stating that they can “disable flash write protection and infect platform firmware, disable Secure Boot, [and] bypass Virtual Secure Mode (Credential Guard, etc.) on Windows 10 Enterprise” thanks to a flaw in the SystemSmmRuntimeRt UEFI driver.

Pwn pundit Alex James then reported that Gigabyte looks affected by the System Management Mode BIOS vulnerability saying on Twitter that many other Gigabyte models are likely affected.

 

Article




 


#2 Aura


Posted 06 July 2016 - 07:52 AM

Pretty sure I have one of these motherboards in my desktop computer (custom built). Hopefully a BIOS update will be released that will address that issue.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 TheJokerz


Posted 06 July 2016 - 08:00 AM

I am glad that for my new build I did not go with Gigabyte!




#4 CKing123


Posted 07 July 2016 - 09:06 AM

 

A critical vulnerability that was recently found in the low-level firmware of Lenovo ThinkPad systems also reportedly exists in products from other vendors, including HP and Gigabyte Technology.

I have an HP laptop.

Waiting for an update for this.

 

-CKing


If I am helping you and I don't respond within 2 days, feel free to send me a PM

Sysnative Windows Update Senior Analyst 

Github | Keybase


#5 Aura


Posted 07 July 2016 - 09:27 AM

I also have an HP laptop (welp). Looks like I'll be monitoring the BIOS updates for both my devices in the following days.



#6 CKing123


Posted 07 July 2016 - 09:35 AM

Well, it depends. If you have UEFI, then you are vulnerable.

 

Unfortunately, this bug should have been fixed in 2014!

 

Oleksiuk believes that the vulnerability originated in Intel’s reference code for its 8-series chipsets and that it was fixed in mid-2014. However, since there were no public advisories about it, it’s possible that IBVs and PC manufacturers missed the patch and continued to use an older version of the reference code as base for their UEFI.

 

Article

 

-CKing




#7 rp88


Posted 07 July 2016 - 01:58 PM

I've seen reports of this online but don't quite understand it, is this a security threat in the sense of:

1. An online attacker can use it for some sort of remote code execution exploit and put his code into your system, although remote code vulnerabilities are usually in the browser/plugins/OS not in the BIOS/UEFI?
2. An attacker who has already got viruses onto your system can use it to make the damage worse and put his evil stuff permanently into your system so it'll survive even if you wipe and reinstall the OS?
or
3. An attacker can use this to take control of the system, but only if he has physical access to it?
or something else entirely?

What sort of scenarios could it be involved in? Is it the sort of thing which is only a danger AFTER one's operating system has already been compromised, or is it the sort of thing that an attacker could use to take control at the lowest level remotely on a machine with no infections and everything up to date except the BIOS/UEFI and then begin compromising the OS and higher level features?

Edited by rp88, 07 July 2016 - 02:02 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems: 2 laptops, Intel i3 processors, Windows 8.1 installed on the hard drive and Linux Mint 17.3 MATE installed to USB

#8 CKing123


Posted 07 July 2016 - 02:21 PM

Most BIOS/UEFI exploits require physical access, but once someone exploits and installs a rootkit, reinstalling Windows, replacing hard disk, none of it would remove it. You would need to reflash your BIOS/UEFI.

 

-CKing






