Millions of PC Motherboards Were Sold With a Firmware Backdoor

Hiding malicious programs in a computer's UEFI firmware, the deep-seated code that tells a PC how to load its operating system, has become an insidious trick in the toolkit of stealthy hackers. But when a motherboard manufacturer installs its own hidden backdoor in the firmware of millions of computers, and doesn't even put a proper lock on that hidden back entrance, it is practically doing hackers' work for them.

Researchers at the firmware-focused cybersecurity company Eclypsium revealed today that they have discovered a hidden mechanism in the firmware of motherboards sold by the Taiwanese manufacturer Gigabyte, whose components are commonly used in gaming PCs and other high-performance computers. Whenever a computer with an affected Gigabyte motherboard restarts, Eclypsium found, code within the motherboard's firmware invisibly launches an updater program that runs on the computer and in turn downloads and executes another piece of software.

While Eclypsium says the hidden code is meant to be an innocuous tool for keeping the motherboard's firmware updated, the researchers found that it is implemented insecurely, potentially allowing the mechanism to be hijacked and used to install malware instead of Gigabyte's intended program. And because the updater is triggered from the computer's firmware, outside its operating system, it is hard for users to remove or even to discover.

"If you have one of these machines, you have to worry about the fact that it's basically grabbing something from the internet and running it without you being involved, and hasn't done any of this securely," says John Loucaides, who leads strategy and research at Eclypsium. "The concept of going underneath the end user and taking over their machine doesn't sit well with most people."

In its blog post about the research, Eclypsium lists 271 models of Gigabyte motherboards that the researchers say are affected. Loucaides adds that users who want to see which motherboard their computer uses can check by going to "Start" in Windows and then "System Information."

Eclypsium says it found Gigabyte's hidden firmware mechanism while scouring customers' computers for firmware-based malicious code, an increasingly common tool employed by sophisticated hackers. In 2018, for instance, hackers working on behalf of Russia's GRU military intelligence agency were discovered silently installing the firmware-based anti-theft software LoJack on victims' machines as a spying tactic. Two years later, Chinese state-sponsored hackers were spotted repurposing a firmware-based spyware tool created by the hacker-for-hire firm Hacking Team to target the computers of diplomats and NGO staff in Africa, Asia, and Europe. Eclypsium's researchers were surprised to see their automated detection scans flag Gigabyte's updater mechanism for carrying out some of the same shady behavior as those state-sponsored hacking tools: hiding in firmware and silently installing a program that downloads code from the internet.

Gigabyte's updater alone might have raised concerns for users who don't trust Gigabyte to silently install code on their machine with a nearly invisible tool, or who worry that the mechanism could be abused by hackers who compromise the motherboard manufacturer and use its hidden access in a software supply chain attack. But Eclypsium also found that the update mechanism was implemented with glaring vulnerabilities that could allow it to be hijacked: it downloads code to the user's machine without properly authenticating it, sometimes even over an unprotected HTTP connection rather than HTTPS. That would allow the installation source to be spoofed by a man-in-the-middle attack carried out by anyone who can intercept the user's internet connection, such as a rogue Wi-Fi network.
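The two defects described above, an unprotected transport and an unauthenticated payload, are the checks an updater that fetches and executes code has to get right. The following Python is an added example written for this page; it is not Eclypsium's or Gigabyte's code and says nothing about how the real updater is built. The URLs, payloads and the `fetcher` callback are constructed so the example runs offline, and a digest pinned from a trusted source stands in for whatever authentication a real updater would use, such as a signature over the payload. It places the weak pattern (take whatever came back and hand it to the executor) beside a hardened one that refuses plain HTTP and refuses any payload whose digest does not match the pinned value.

```python
"""Added example, not code from the article or from Gigabyte/Eclypsium.
Shows an insecure fetch-and-run pattern next to a version that checks the
transport and authenticates the payload before anything is executed."""
import hashlib
import hmac
from typing import Callable, Tuple
from urllib.parse import urlparse

# Constructed sample data: a "genuine" update and a tampered copy that a
# man-in-the-middle could substitute on an unprotected HTTP connection.
GENUINE_PAYLOAD = b"GENUINE-UPDATER-BINARY-v1"
TAMPERED_PAYLOAD = b"ATTACKER-SUPPLIED-BINARY"
UPDATE_URL_HTTPS = "https://updates.example.invalid/updater.bin"  # constructed
UPDATE_URL_HTTP = "http://updates.example.invalid/updater.bin"    # constructed

Fetcher = Callable[[str], bytes]  # injected so no network is needed


class UpdateRejected(Exception):
    """Raised when a downloaded update fails a security check."""


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the payload; the value a trusted manifest would pin."""
    return hashlib.sha256(data).hexdigest()


def insecure_fetch_update(url: str, fetcher: Fetcher) -> bytes:
    """The weak pattern: no scheme check, no authentication. Whatever the
    network returns is treated as the program to run."""
    return fetcher(url)


def validate_update_url(url: str) -> str:
    """Refuse anything but HTTPS with a host. On plain HTTP, anyone who can
    intercept the connection (a rogue Wi-Fi network, for example) can
    rewrite the response body."""
    parsed = urlparse(url)
    if parsed.scheme != "https":
        raise UpdateRejected(f"update source must use HTTPS, got {parsed.scheme!r}: {url}")
    if not parsed.netloc:
        raise UpdateRejected(f"update source has no host: {url}")
    return url


def verify_payload(payload: bytes, expected_sha256_hex: str) -> bytes:
    """Authenticate the payload against a pinned digest before it is used.
    compare_digest avoids a timing side channel on the comparison."""
    actual = sha256_hex(payload)
    if not hmac.compare_digest(actual, expected_sha256_hex.lower()):
        raise UpdateRejected(f"payload digest mismatch: expected {expected_sha256_hex}, got {actual}")
    return payload


def fetch_update(url: str, expected_sha256_hex: str, fetcher: Fetcher) -> bytes:
    """Hardened pattern: check the transport first, then authenticate the
    bytes, and only then return them to whatever would execute them."""
    validate_update_url(url)
    return verify_payload(fetcher(url), expected_sha256_hex)


def check_update(url: str, expected_sha256_hex: str, fetcher: Fetcher) -> Tuple[bool, str]:
    """Non-raising wrapper: (accepted?, reason)."""
    try:
        fetch_update(url, expected_sha256_hex, fetcher)
    except UpdateRejected as exc:
        return False, str(exc)
    return True, "ok"


if __name__ == "__main__":
    pinned = sha256_hex(GENUINE_PAYLOAD)
    mitm = lambda _url: TAMPERED_PAYLOAD  # constructed: an intercepted response
    honest = lambda _url: GENUINE_PAYLOAD

    # The weak pattern happily returns the substituted binary.
    print("insecure:", insecure_fetch_update(UPDATE_URL_HTTP, mitm))
    # The hardened pattern rejects the plain-HTTP source outright ...
    print("hardened/http:", check_update(UPDATE_URL_HTTP, pinned, honest))
    # ... rejects a tampered body even over HTTPS ...
    print("hardened/tampered:", check_update(UPDATE_URL_HTTPS, pinned, mitm))
    # ... and accepts only the genuine payload from an HTTPS source.
    print("hardened/genuine:", check_update(UPDATE_URL_HTTPS, pinned, honest))
```

The scheme check on its own only guards the transport; the digest check is what stops a compromised or spoofed server from serving a different binary, which is why both are applied before the bytes ever reach an executor. In practice the pinned value would come from a manifest delivered with the firmware or verified by signature, not from the same unauthenticated channel as the payload.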
