Follow along with the video below to see how to install our site as a web app on your home screen.
Note: This feature may not be available in some browsers.
QFT, and just imagine the backdoors that haven't been found in Gigabyte's enterprise products, let alone everything else.When people think they're buying a product, when in fact the product is them.
Just like the backdoor open ports found in Netgear network equipment (lied about fixing it by de-listing it and just left it open) and HPE servers in the mid-2010s.Yeah, like how the US government had tens of thousands of compromised Cisco network devices just a few years ago. If it exists, theres a back door for somebody.
I didn't see it on my x570 aorus elite wifi, although the board isn't listed under that name in the pdf above. I have a z690-i ultra ddr4, (the new version, not the older, lite one) and it's on the list, but it's in the closet, sans cpu, so I can't check it right now.Do those of you with an affected motherboard have the option "APP Center Download & Install"
The following is one the recommendations that Eclypsium Labs issued in its blog: Inspect and disable the “APP Center Download & Install” feature in UEFI/BIOS Setup on Gigabyte systems and set a BIOS password to deter malicious changes.
—https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/
Do those of you with an affected motherboard have the option "APP Center Download & Install" (or possibly a similarly named option) in the firmware settings?
Never fear, I is here...You hacked the Gibson then or what? Hmm
I was pleasantly surprised to see that the x299 Aorus Gaming 7 I ran for several years was not affected... but the cheap as chips B450M I snagged as part of a Micro Center combo deal late last year was. Jesus, what a mess. I am going to turn into someone who only runs enterprise kit at this rate...Full list of affected boards.
https://eclypsium.com/wp-content/uploads/Gigabyte-Affected-Models.pdf
But it’s basically ever consumer or prosumer board they have produced over the last 5 years…
Say what you will about prebuilts, but Dell still offers bios updates for the Gen 6 Intels as things are found.I was pleasantly surprised to see that the x299 Aorus Gaming 7 I ran for several years was not affected... but the cheap as chips B450M I snagged as part of a Micro Center late last year was. Jesus, what a mess. I am going to turn into someone who only runs enterprise kit at this rate...
The masses are just a recourse to milk.When people think they're buying a product, when in fact the product is them.
I wish AMD would update their Epyc Embedded line - a 16 core chip in a SuperMicro ITX motherboard would be just about perfect for my needs. May I never buy a gaming-targeted motherboard again.Say what you will about prebuilts, but Dell still offers bios updates for the Gen 6 Intels as things are found.
SuperMicro is solid though, if you snag one with the IPMI managers it makes any diagnostics easy.
If they had at least securely implemented it, it would have improved the overall security of those systems. Firmware updates often fix security issues, spectre/meltdown, etc. So if it had been better designed, it would have been a good idea. I do think that the user should get a pop-up saying "An update is available" before it is 'just installed'.. but I haven't seen the process in question in action, so could be incorrect in my understanding of how it works.... the idea that something like a firmware update should take place automatically and outside the view of the owner/admin just doensn't make any sense...
I’m still using one of their first gen ones based on the Zen1. She’s old but she does the job.I wish AMD would update their Epyc Embedded line - a 16 core chip in a SuperMicro ITX motherboard would be just about perfect for my needs. May I never buy a gaming-targeted motherboard again.
They way they did it was intercepting the shipments and modifying the units. They didn't have Cisco build hacked units, they hacked them in transit. For a targeted attack it makes much more sense to do it that way, as there are less people that know about it. If they try to get Cisco to make hacked units that means that not only are people at Cisco going to know about it, but Cisco might decide to fight it. While some people, including some in the government, think National Security Letters are magic wands that can force anything, they aren't. A company very well might push back legally against a demand like "put a backdoor in your routers."And they probably did it with a national security letter. Cisco would have to have been aware of that one, but being subject to U.S. law being forced to comply with the national security letter, and also being forced to not disclose it's existence.
As I recall the Cisco products were specifically targeted at certain customers as well. Not just inserted in every unit.
They way they did it was intercepting the shipments and modifying the units. They didn't have Cisco build hacked units, they hacked them in transit. For a targeted attack it makes much more sense to do it that way, as there are less people that know about it. If they try to get Cisco to make hacked units that means that not only are people at Cisco going to know about it, but Cisco might decide to fight it. While some people, including some in the government, think National Security Letters are magic wands that can force anything, they aren't. A company very well might push back legally against a demand like "put a backdoor in your routers."
Also the NSA's job is twofold: It is to spy on other countries, but also to keep US data safe, and having Cisco weaken their routers would be contrary to that. Much better to just insert the backdoor themselves in to the units they know are going to people they want to spy on.
As for this stupidity, Gigabyte needs to stop with the dumb shit and get on board with capsule updates. These get distributed through the OS, they come down in Windows update if you use Windows, and are verified and signed. It is not only a good way to maintain security on the updates, but since it comes in the normal update channel, you can manage it with whatever your update management solution is and decide when they get rolled out.
Dell does it, and it is great. Your just get UEFI updates along with other drivers. It even knows how to suspend bitlocker automatically.
Gigabyte doing their own auto updater is extremely stupid because, well, this could happen. While OS updates aren't perfectly secure, they are a hell of a lot more likely to be secure and they are easy to patch if there's an issue.
The b550i aorus pro ax (rev 1.2) doesn't have the option in the bios. Since it's also not stated in the manual and I haven't seen any nags, I am assuming it is not affected by this vulnerability.The following is one the recommendations that Eclypsium Labs issued in its blog: Inspect and disable the “APP Center Download & Install” feature in UEFI/BIOS Setup on Gigabyte systems and set a BIOS password to deter malicious changes.
—https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/
Do those of you with an affected motherboard have the option "APP Center Download & Install" (or possibly a similarly named option) in the firmware settings?
My guess is that almost everything from a major US company is backdoored or otherwise infiltrated by the state, and has been for a very long time.
NSA Built Back Door In All Windows Software by 1999
U.S. Agencies Said to Swap Intelligence With Thousands of Firms
WikiLeaks #Vault7: 85% of world’s smart phones ‘weaponized’ by CIA
Advanced CIA firmware has been infecting Wi-Fi routers for years
Photos of an NSA “upgrade” factory show Cisco router getting implant
The NSA’s Hidden Spy Hubs in Eight U.S. Cities
View attachment 574086
View attachment 574075
A friend has the same X570 board and they couldn't find the setting either. It's mentioned once early in the manual and then there's nothing in the BIOS section.I didn't see it on my x570 aorus elite wifi, although the board isn't listed under that name in the pdf above. I have a z690-i ultra ddr4, (the new version, not the older, lite one) and it's on the list, but it's in the closet, sans cpu, so I can't check it right now.
I've seen Asus motherboards with bios settings for Armoury [sic] Crate, though.
Meh, I'll get around to updating my boards. This seems more like a man in the middle attack anyway.
I'm the meantime disable the app center download in the bios, as most people should have anyway since it's annoying.
https://www.tomshardware.com/news/gigabyte-firmware-update-backdoor
That's the board I have, not sure which revision. All the revisions are listed in the PDF as affected.The b550i aorus pro ax (rev 1.2) doesn't have the option in the bios. Since it's also not stated in the manual and I haven't seen any nags, I am assuming it is not affected by this vulnerability.
Does your board have the download app option in the bios and/or do you get a nag screen on windows boot to download live update? If the board doesn't have the feature which contains the vulnerability, it is extremely unlikely that is has this particular vulnerability.That's the board I have, not sure which revision. All the revisions are listed in the PDF as affected.
Pretty much. I feel much safer giving China my data than the US.Western designed or Eastern designed, the only difference it makes is who is getting your data and who has access to the back doors.
Glad my X570 AORUS Elite is not on that list!Full list of affected boards.
https://eclypsium.com/wp-content/uploads/Gigabyte-Affected-Models.pdf
But it’s basically ever consumer or prosumer board they have produced over the last 5 years…
It looks like there are now updated BIOS's posted for all revisions of the board dated June 1st. They weren't there at the time of my prior post on June 2nd, at which time the press release from Gigabyte said they had posted updates for all the B550 motherboards.I have a B550i Aorus Pro AX Rev. 1.2 and noticed today that there's a Bios update addressing the issue. Also this mentioned above is not true (The b550i aorus pro ax (rev 1.2) doesn't have the option in the bios) in Settings, I/O Ports the App Center Download Assistant is what should be disabled.