Gigabyte Firmware Bugs Allow the Installation of BIOS/UEFI Ransomware

Last week, at the BlackHat Asia 2017 security conference, researchers from cyber-security firm Cylance disclosed two vulnerabilities in the firmware of Gigabyte BRIX small computing devices, which allow an attacker to write malicious content to the UEFI firmware. During their presentation, researchers installed a proof-of-concept UEFI ransomware, preventing the BRIX devices from booting, but researchers say the same flaws can be used to plant rootkits that allow attackers to persist malware for years.

The two vulnerabilities discovered are CVE-2017-3197 and CVE-2017-3198. The first is a failure on Gigabyte's part to implement write protection for its UEFI firmware. The second vulnerability is another lapse on Gigabyte's side, who forgot to implement a system that cryptographically signs UEFI firmware files.

Add to this the fact that Gigabyte uses an insecure firmware update process, which doesn't check the validity of downloaded files using a checksum and uses HTTP instead of HTTPS. A CERT vulnerability note was published to warn users of the impending danger and the bugs' ease of exploitation.

1 Like

This is patched now, right?

Don't tell me this news is one week old and there is no patch.

Maybe I should click the link and read.

1 Like

Indeed, nowadays ransomware is far too widespread, and unfortunately there is no multipurpose tool to fight it, but if you understand the way it works, it is easier to avoid it. Here is a not bad description of the issue: http://soft2secure.com/knowledgebase/cry128-cry9.

3 Likes

Hi! In my opinion, the best defense is common sense :sunglasses:

Seven month necro. Thread is locked.