bit-tech.net

Gigabyte Brix hit by UEFI vulnerabilities

Security researchers have found serious security failings in at least two models of Gigabyte's Brix SFF PCs, and the company is only willing to fix one of them.

Security researchers have discovered serious flaws in the firmware of Gigabyte's Brix small form factor (SFF) systems that allow malicious code to be written into firmware and stored even if you replace the system's storage device.

Researchers from security specialist Cylance revealed the vulnerabilities at the Black Hat Asia 2017 event, following hints at the earlier RSA Conference 2017 and after contacting Gigabyte privately with their findings. The flaws are known to affect at least two models of Brix systems, the GB-BSi7H-6500 with firmware F6 and the GB-BXi7-5775 with firmware F2, and the company's discovery includes the creation of a proof of concept (PoC) exploit capable of acting as a backdoor at a system level and of bypassing any and all security protections in place at the operating system level.

'Firmware backdoors are difficult to detect because they execute in the early stages of the boot process and they can persist across operating system (OS) re-installations,' the company explains in its write-up of the vulnerabilities. 'Write-protection mechanisms exist to prevent attackers from modifying the firmware; however, the affected systems do not enable them. It is up to the motherboard manufacturers to correctly implement the UEFI firmware and enable the appropriate protection mechanisms to prevent unauthorised modifications to the firmware.'

Sadly, the two affected Brix systems are among those shipped in a vulnerable state, which can then be exploited through a vulnerable SMI handler. Worse still for those who currently have a Brix system, Gigabyte has confirmed it will only fix one of the two known-vulnerable units: the GB-BSi7H-6500 will receive a firmware update fixing the flaw and updating it to version F7, but the GB-BXi7-5775 is officially considered end-of-life and will receive no such update; instead, the older model will be left vulnerable.

Full details of the flaws are available in the Cylance write-up.

6 Comments

proxess 4th April 2017, 11:33
If both systems are affected by the same vulnerability, how difficult is it to apply the patch to the EOL system's firmware as an out of life security upgrade?
SinxarKnights 4th April 2017, 13:28
It prolly isn't that difficult if they can do the one. My best guess is there is no profit to be had since they are no longer sold and the attack is fairly specific.
leexgx 4th April 2017, 19:12
I agree it's not hard to do, especially with UEFI BIOS as they are very modular and this is likely the same module that affects both system boards (and it's more likely just a setting that has not been set, most likely a minor update)
greigaitken 5th April 2017, 22:26
Calling your IT hardware product 'Brix' is begging to be laughed at when it has a problem
Vault-Tec 5th April 2017, 22:29
Brixit.
LordPyrinc 5th April 2017, 23:00
Pronounced "Bricks"? That seems really funny to me. I bricked a modem once back in 1997. I tried to do a firmware update that rendered it completely useless. Bricking anything in my world pretty much means that you have made the device no more usable than a bookend or a paperweight. I would only buy bricks if I were building a foundation. Or maybe a retaining wall.