Gigabyte Technology—Security researchers discovered firmware backdoor in 271 Gigabyte motherboard models affecting ~7 million devices

May 31, 2023

In May 2023, Eclypsium researchers discovered that 271 Gigabyte motherboard models contained a hidden UEFI firmware mechanism that dropped a Windows executable to download and execute payloads insecurely. The updater used unencrypted HTTP connections without proper authentication, making man-in-the-middle attacks possible. Approximately 7 million devices were affected. Gigabyte released BIOS updates with signature verification.

Scoring Impact

Topic	Direction	Relevance	Contribution
Consumer Protection	-against	primary	-1.00
User Privacy	-against	primary	-1.00
Overall incident score =			-0.443

Score = avg(topic contributions) × significance (high ×1.5) × confidence (0.59)× agency (negligent ×0.5)

Evidence (1 signal)

Confirms Criticism May 31, 2023 verified

Eclypsium published report on Gigabyte motherboard firmware backdoor affecting 271 models

Eclypsium Research discovered and documented a hidden firmware backdoor in 271 Gigabyte motherboard models that downloaded and executed payloads over insecure HTTP connections without authentication, affecting approximately 7 million devices.

Tom's Hardware,Eclypsium

Related: Same Topics

Bhavish Aggarwal · Engaged in heated public feud with comedian over customer complaints, stock dropped 8%

Oct 7, 2024

Ola Electric · India's CCPA issued show cause notice after over 80,000 consumer complaints about EV quality

Oct 8, 2024

Zepto · Accused of charging iPhone users up to 5x more than Android users for identical products

Dec 1, 2024

Zepto · India's CCPA fined Zepto ₹7 lakh for using dark patterns including drip pricing and basket sneaking

Dec 5, 2024

Microsoft · Microsoft committed to expand right-to-repair options following shareholder pressure

Oct 7, 2021