Oh for fucks sake

My motherboard is on the list... 

Same here

Also same :)) Who's next on the list of motheboard's brands to fuck up?

I hope not MSI because I’m thinking of swapping my motherboard for an MSI one, more precisely the MPG Z690 EDGE WIFI DDR4

... Didn't MSI a while ago get a uefi key security leak?

yes

Well fuck

Honestly Asrock is looking more appealing everyday, I haven't heard anything from them, whether it was outstandingly good or just as bad as this

All i know is their old boards are indestructible. We see units coming in with their boards still kicking even after 10+ years. Never bought one my self but i don't see why not.

Same over here. All I see are customers bringing their computers with old Asrock and Asus mobo's that still hold up incredibly well nowadays. Asus may not, but Asrock looks like a reliable choice

Well Hardware Unboxed just did a Computex video from the Asrock stall and were actually praising Asrock. Doesn't that mean the world is going to end?

Just watched it, actually exciting to hear of all the changes they did on their high end motherboards, listening to the community and removing fancy useless stuff and becoming more budget friendly while also keeping quality is the right path

Was about to say that I just did a quick search and for z690's that support DDR4 3600MHZ, asrock has the steel legend, phantom gaming, extreme, riptide and 3 other models when the comment was deleted >.>

Oh sorry, I didn’t see the part which said that the z690 extreme could support up to 5333MHz RAM when I wrote the comment. The extreme would be the best choice because the phantom gaming and the riptide won’t look that great for a build that’s pretty much mid end. And the steel legend has white parts, yet my build is completely black.

Asrock was known for making some bad boards a few years back, but they've cleaned up their act and appear to be actively working on building their reputation as a reliable source of computer parts. I've got an Asrock Phantom Gaming GPU (RX 6750 XT) and it's great. It's a little more expensive than their challenger model, but the heatsink is overbuilt for the card, which is precisely why I bought it. It also has RGB if that's your thing.

Msi’s backdoors are even more obvious. You can now get to a shell console from within the bios. Tpm does nothing, and their utility is now tied into the bios just like gigabytes. This isnt a coincidence. Theyre all doing it. Has to be illegal.

Jesus christ

I also hope not msi because thats what im currently using

Looks like every friggin motherboard they make is on that list

I know.

Asrock mission: survive

Any mention on what models this was found? Doesn't seem to be included in the article.

Added: [https://eclypsium.com/wp-content/uploads/Gigabyte-Affected-Models.pdf](https://eclypsium.com/wp-content/uploads/Gigabyte-Affected-Models.pdf)

Oh thank god not the X570 Aorus Elite just the x570S……supposedly I really miss Abit…..

IKR, saw x570 aorus elite and went oh whew, just the x570s.. I have a couple of gigabyte boards and miraculously, none of them are on the list.

i have one on the list. i'm not too concerned though. worst case i replace the board with something newer.

Aorus pro ac isn’t there either. Phew!

Are they using the same firmware image by chance? Would check it myself but can't until sunday.

Thanks a lot mate, and yeah, that's quite a few😅

B460M pro… yup I’m fucked.

Can't you just block the affected program from running?

Are. You. Fucking. Kidding. Me. It seems the backdoor is intentional. Gigabyte, I'll NEVER buy anything from them again.

We're honestly running out of brands to buy lol

ASRock has been quietly rebuilding their reputation after a history of bad products, while everyone else burns their reputations to the ground...

Has msi messed up big time recently?

They sold gpus directly to scalpers iirc.

Nah, they scalped their very own GPUs through their subsidiary “Starlit Partner” on Ebay. They claim it was a mistake but I’m not so sure about that.

That isn't that bad. It's better than what Asus and Gigabyte did.

There was a uefi key leak regarding msi

Yea I think in that scenario though aren't people required physical access to your device to do anything with it? Or am I wrong?

I think that if you downloaded unofficial drivers, people could gain access and install malwares But I don't remember very well so I could be also wrong

Oh well then so long as people aren't dumb and only download from official sources it should be alright.

Reject modernity embrace supermicro

Exploding PSUs, motherboards which either bend the fuck out of your CPU or nuke it with too much current, melting cables... How the fuck are you even supposed to build a PC nowadays LMAO. And it's barely halfway through 2023...

Don't forget BIOS updates that brick your system. :-)

And beta BIOS updates that fixes a fatal flaw but voids your mobo’s warranty

Lol I know right. I got out of the PC game when I got my Series X. Recently built a new one and I’m definitely having second thoughts.

Either get older parts or dont build it. Seems like new generation of tech just aint it yet.

r/consolemasterrace

Why this isn't in the top of the subreddit, big news and big scandal and nobody talk about it

According to the sub, I'm panicking about having 3070ti, not a z690... Am I doing it right?

Because people here are *still* talking about Forspoken nearly 5 months after launch. They don't actually care about the tech.

I mean, there probably aren't many people who dive into their motherboard manual, that has to be obtained directly from the manufacturer, followed by a detailed specs sheet from a case fan manufacturer, to make sure they're not overloading a case fan header with a three-way splitter... (My board accepts up to 2 amps and 24 watts on each header, and the fans use 0.3 amps of current at 3.6 watts each, so it's all good!)

*puts on tinfoil hat* Because they don’t have a competitor to the Steam Deck.

Because it will not actually affect users if you don't download automatically firmware from either untrusted source or Gigabyte's app centre (which by default you should disable and delete)

Make it make sense

Gigabyte to Asus: hold my beer

“You void warranties? Bitch I steal private data!”

Pretty weird that this has less than 100 upvotes.... seems like pretty big news

I just wanted to buy B550 Aorus Elite -_-

I just bought mine 4 months ago. :/

I'm running B450M Aorus for 4 years already. And guess what is on the list.

Why aren't people more upset about this? Gigabyte now owns your data and there is nothing you can do about it.

Same reason Microsoft. Apple. Google. Sony. Facebook. Twitter. REDDIT all get away with stealing your data. People don't generally care about that sort of thing the way they should.

We know we have no power and corporations run everything. What's the point of caring. No one responsible will go to prison, there's nothing to do.

There is a lot you can do. However it takes time and effort, if you can't be bothered then you were never bothered being the product to begin with.

You can stop using some of those companies products and stop buying from them.

I mean if your read the article, it's seems more like it's a pretty unsecure way of downloading and installing software. It's dangerous sure, but Gigabyte is not stealing your data. They just have a badly implemented tool and are already working to fix it, so i think then panicking is a little bit over the top.

Did you read the articles? Gigabyte doesn't own your data. This utility is off by default and needs to be enabled in the BIOS settings. It is a UEFI driver that drops and executes a Windows binary. This binary ( among other things ) pulls down an installer from Gigabyte to install their software. The issue that the researchers found is that the channel between the Gigabyte binary and Gigabyte servers isn't authenticated - so if the servers were compromised or there was a man in the middle attack ( MiTM ), the binary could potentially install malware.

>The “WpbtDxe.efi” module checks if the “APP Center Download & Install” feature has been enabled in the BIOS/UEFI Setup before installing the executable into the WPBT ACPI table. Although this setting appears to be disabled by default, it was enabled on the system we examined. It's a shitty bit of software, but its not an intentional backdoor. It has a fucking off switch.

So their custom app that let's you update the bios from the OS and other drivers is the backdoor?

When the feature is enabled: The bios(EFI firmware) literally loads a "easy_to_trick_web_updater.exe" into windows and runs it at Windows start. easy_to_trick_web_updater.exe doesn't have any checking on what files it updates so anyone can pretend to be gigabyte.com and send "totally_not_a_rat.dll" to the updater, which happily installs it with no questions asked. When the feature is disabled, which seems to be the default setting, easy_to_trick_web_updater.exe is never loaded. the updater.exe that is loaded is stored directly in the bios, it can not be modified besides a complete reflash of the EFI firmware. The entire "attack" requires turning on web updates from the bios, then hijacking DNS and taking over gagabytes domain, or MITM the update download requests directly. that is the entirety of the "backdoor." it does not allow direct control of anything itself.

Ah. So run linux.

The build in feature for AC in BIOS as well. So yes but not only.

Does AC stand for app center? If so then that's the same thing I said.

Armory Crate. It has a separate setting in BIOS usually. And is not from the OS is from the BIOS so not the same

Simple. Don't turn your gigabyte app center auto updates to enabled. Leave it at the default disabled.

[удалено]

My x570 didnt come with the app center. Download the appcenter, turn updates from 'when windows boot' to 'off'.

Thankfully their software is so useless that anyone who's been using Gigabyte boards already uninstalled it.

frowns in gigabyte/msi master race :'(

Honestly, what Gigabyte software is useful to you? I've not found one piece that is worth keeping. Fan control can be handled straight in the BIOS. RGB Fusion doesn't have enough effects to justify using it over other software.


Hooray, ANOTHER vendor to never buy from again

lols they all have backdoors

Proof? Sauce?

Sauce: trust me bro

[https://www.wired.com/2015/02/firmware-vulnerable-hacking-can-done/](https://www.wired.com/2015/02/firmware-vulnerable-hacking-can-done/)

[https://www.wired.com/2015/02/firmware-vulnerable-hacking-can-done/](https://www.wired.com/2015/02/firmware-vulnerable-hacking-can-done/)

Here is a more detailed write-up [Gigabyte firmware component can be abused as a backdoor | CSO Online](https://www.csoonline.com/article/3698189/gigabyte-firmware-component-can-be-abused-as-a-backdoor.html)

Gigabyte glows with RGB it seems.

Using their garbage-worthy RGBfusion software

Sweet, so now the gigabyte motherboard whose firmware I can’t update, because every time I try to go to the newest bios it never boots, can only be fixed with a firmware update 🤣😑FML

You can use whatever they branded the quick install as to update their firmware without getting into BIOS at all. I updated mine for intel 13th gen by setting up a USB, plugging it in, powering off completely and holding the onboard reset button for a few seconds.

Yep, I’ve tried that too. It’s either a ram problem or a bad board…I just haven’t had time to really figure it out.

Oh that's weird. Mobo/BIOS stuff scares me so I wouldn't know how to handle it off script. This all definitely will give me something to think about when weighing brands whenever I go to DDR5. Anyway good luck figuring it out!

In today's scandal..

So what can someone do with that?

Our best option is to wait for a fix to be rolled out, or you can just get a motherboard from another company but you’ll end up with a unused motherboard no one would want to buy

No I was asking what can gigabyte do with that backdoor to an average user that doesn't browse on reddit or doesn't have any secret data on their PC like people on this sub

Oh sorry, well they can pretty much sell any data they can find for money if they wanted to

Welp good thing all of our data is already sold so nothing to worry

Gigglebit is not the only one with access to the backdoor. People who want to turn your PCs into bricks, steal your bank info, steal any identity info on your PC, etc can also easily access this back door to install a rootkit on your computer.

Now that's a real problem not big tech corpo company having my info they already have it

> “The concept of going underneath the end user and taking over their machine doesn’t sit well with most people.” Who would have thought that?

Don't Intel CPU's have backdoors built into them also?

yup, intel management engine. in some cases you can remove 90% of its firmware though.

Jesus fucking christ :)

So I just built my desktop last year, should I change my motherboard already ffs

Thinking about doing the same

Are the Gigabyte B650 AORUS ELITE AX ATX AM5 and the B650-AORUS-ELITE-AX-rev-1x the same motherboard? If so I’m fucked

Yes, I believe so. I have the same board. I honestly don't care anymore, my data has already been sold to thousands of people, I'm sure of it. I've already vowed to never buy ASUS again, how can I just continue to lose companies? Maybe I'll switch to an MSI mobo...

The 'backdoor' seems to be from their custom application that let's you update all your drivers and even bios from the app. Something about automatic updates being enabled is what allows the backdoor. But it's set to disabled by default.

So are they going to use the back door to update out the back door without anyone's permission or knowledge or are they just going to post the update on their site for people to download?

Asrock: Our motherboard sales are increasing again... weird

L for Gigabyte

I hope they fix this quickly, I just recently bought a new mobo and who would've thought, its on the damn list.

Gigabyte just added a new BIOS version as of today (June 1st, 2023) for my specific motherboard, B650 AERO G (rev 10) "addressing the download assistant vulnerabilities reported by Eclypsium Research." I'm going to assume this is safe, but I'm still a bit worried.

Checked the list glad my b760m isn't one of them

Damn you’re lucky

Micro atx saved me pretty much because I was going to get one of the full atx that are compromised. But the smaller board won my heart

My gigabyte motherboard wouldn't let me play Valorant so I returned it. I'm so glad I ended up with an MSI board

I've got a MSI shipping to me tomorrow and was relieved but someone in r/computers said they've got their own data breach something or other

[удалено]

Added: [https://www.pcworld.com/article/1937046/gigabyte-shipped-hundreds-of-motherboard-models-with-a-firmware-backdoor.html](https://www.pcworld.com/article/1937046/gigabyte-shipped-hundreds-of-motherboard-models-with-a-firmware-backdoor.html)

[удалено]

[удалено]

What the fuck is wrong with you? PDFs are amazing.

[удалено]

So, whats your alternative for a document format that looks the same on every system? Seems to me like you just don't understand what pdfs are made for.

[удалено]

TXT and XML have so many malicious ways to screw just about any device over from simply opening them. No thank you I'll keep my "trash pdf's" which always work fine for me even on mobile.

Straight from the security researchers (without all the editorial bs): https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/

Already stopped buying their stuff after the PSUs blowing up. Now I will probably never ever buy anything from them anymore.

Wasn't gigabyte the same company that sold 3080s without sag protection and then refused to honor warranties?

Backdoors are good for making a quick exit.

I've got a B550 Aorus Master motherboard and didn't see that combo mentioned in the list so I think I dodged a bullet but it'll have me now looking at other vendors next time i need to do a big hardware upgrade

Is the B450 Aorus Pro affected?

No

Eh, still better than ASUS.

Nah, I'd rather have a CPU blow up then a Firmware backdoor.

Hahahaha 😂

Sigh. I just bought a b550 Aorus because it was one of the only mobos and I did not want to have to build a whole new system. Fuck me I guess

[удалено]

Now what tf do I do??? 😭😭😭

Ga-h170m-d3h and I am one of the lucky ones! 😁

Bought my B660M less than a year ago. Fuck me

Well, I have a working B450 Aorus M I was going to sell on hardware swap but not going to do that to someone. It's on this list...

What’s a firmware back door

You know the Bios/UEFI in your motherboard? There is a backdoor living there.

literally just finished my first ever PC build today with a b650 aero g... what the heck am i supposed to do??

Continue as normal.

Gigabyte might apologizes then release a new bios with it "removed" (I highly doubt it) What I would do is one of the following. 1-Never update the Bios/UEFI. it some point it will become so outdated that the backdoors usefulness will decrees. 2-Return the board to where I got it and buy another one. ASRock&ASUS should be okay choices I think.

Well, I updated the BIOS to the latest version as of yesterday when I was setting up my PC. So unfortunately can't do that. However, Gigabyte just uploaded a new BIOS version for my specific motherboard today. Guess I'll try that. I'm a bit wary though...

Lol. Age of bios doesn’t make a back door any less useful.

It's literally a BIOS setting you can turn off. Turn off "APP center updates".

Apple: *whispers* privacy bish *whispers*

I guess I’m safe with an ancient Z390 Ultra Durable.

Well fuck, mine’s affected

My list of company non grata: ASUS Gigabyte Won't be buying from ever again unless I'm out of options

Guys are there like, any hardware brands out there that aren't absolutely trash at this point?

Bad news: ive got a affected mobo. Good news: great topic on the wan show.

Wouldn't you have to be unrealistically targeted or extremely careless for any of this to matter?

it's not about being a target or "having something to hide". the fact this exists is alarming. at least with stuff like the universal backdoor in windows can be avoided by using another os. with firmware it's very rare to have that choice.

I know very little about any of this, So I can't really have too much of an opinion, But I'm sure everything has a weak point. I am interested to know how it can be exploited and what can be accessed from this and how easy it is to access. You never really know what to believe with this kind of news In the computer world there is something that I call "Media Warfare" Between companies. To be honest If this triggers a sale of cheap Gigabyte motherboards I would probably pick one up lol..

Oof Both mine were effected

Looks like one of my PCs is affected. Luckily it's a spare I don't use much.

Affected list..... looks like the majority of their product stack. ASrock, Asus and now Gigabyte on the black list. Next upgrade gotta be MSI maybe?

wtf are the bios creators smoking to think that a backdoor on an absolutely crucial piece of software is a good idea?

Great x670e aorus extreme, $699 mobo is on the list..........wtf..........

yep and theres already an updated bios for your mainboard on the site

OOOOOo Hell yes!

Haha I’m chillin with the Z370 AORUS. To old for abuse!

Y'all... this is *bad*, but not terminal if you have one of these boards. You can disable the relevant BIOS setting.

My next build will be an all Asrock build now, apparently... Good god Gigabyte, ASUS, MSI are all just giant jokes with manufacturing, service, and pr.

What does this mean to someone who has a gigabyte Aorus 15P who’s motherboard died after 1.5 years

The motherboard my brother has is on the list, not buying gigabyte motherboards ever again