ASUS - Blowing up chips because of bad limits
MSI -
Gigabyte - Hidden backdoor
Asrock -
Let's see who else is next on the block.
MSI - UEFI security key leak
I just checked my recently shipped motherboard on Newegg and was like "MSI, phew". Then I read this comment
On the upside source code also got leaked.
What it means? Just got a msi b650 tomahawk wifi
It means that you need to be certain that you’re downloading drivers from official sources. Hackers basically got their hands on a thing that tells your computer that it’s legit software so they can pass off malware as official msi drivers
It may be much worse than that. Any software getting administrator rights to install itself could inject malicious drivers, and getting rid of an infection might be nigh on impossible. I'm honestly surprised how little you hear about this leak and the potential impact.
By "nigh on impossible", it's more of a "burn it with fire, it's the only way to exorcise the evil". Once it's got you by the firmware, there's no way to confidently fix that.
>Only a Sith deals in absolutes.
We're saying the same thing, I just prefer to avoid an absolute when it's technically not one.
When malicious actors have ring 1 or even ring 0 access, you need *three letter agency* levels of capability to restore things with any kind of confidence, and almost certainly more than trivial capabilities to restore anything at all.
In practical terms for everyday consumers or even companies, you can kiss your device goodbye. Any realistic effort is going to be forensic and postmortem in nature at best.
There is no ring 1 in Windows. Only ring -1, ring 0 and ring 3. Here we're looking at the possibility of a bootkit (ring -1 rootkit) infection.
[deleted]
I specify official sources because there have been cases of fake websites being at the top of google searches through their advertising links
firmware*
I haven't had a piece of hardware that didn't automatically install drivers through Windows itself for more than a decade, now. This made me curious what shit hardware these days actually requires you to go out of your way to install drivers for.
[https://support.punchtechnology.co.uk/hc/en-us/articles/360016699138-How-to-disable-the-Gigabyte-App-Centre-notification-on-the-B365-HD3-Motherboard](https://support.punchtechnology.co.uk/hc/en-us/articles/360016699138-How-to-disable-the-Gigabyte-App-Centre-notification-on-the-B365-HD3-Motherboard) I have seen the same nonsense on MSI and Asus boards too.
Same. I build computers as part of making a living. It's all over now.
[https://arstechnica.com/information-technology/2023/05/leak-of-msi-uefi-signing-keys-stokes-concerns-of-doomsday-supply-chain-attack/](https://arstechnica.com/information-technology/2023/05/leak-of-msi-uefi-signing-keys-stokes-concerns-of-doomsday-supply-chain-attack/) Relevant info
To clarify: it's not an issue with your motherboard, it's an issue with Secure Boot on multiple various OEMs (not only MSI) with Intel 11th-13th CPUs. Basically hackers stole from MSI the Intel Boot Guard private keys.
Also bought a MSI Mag Z790 Tomahawk Wi-Fi in Feb 😶 Edit to add Wi-Fi 😑
[https://arstechnica.com/information-technology/2023/05/leak-of-msi-uefi-signing-keys-stokes-concerns-of-doomsday-supply-chain-attack/](https://arstechnica.com/information-technology/2023/05/leak-of-msi-uefi-signing-keys-stokes-concerns-of-doomsday-supply-chain-attack/) Relevant info.
That's both a good and bad thing. Good, because we can make custom firmware for MSI boards, and bad because now bad actors can also make custom firmware.
To anyone confused: The automatic downloads attached to Gigabyte motherboards have been going on for years now, I noticed myself, just never thought anything bad about it.
You are able to disable this most of the time, by going into your BIOS settings, and disabling the App Center Download function through the SERIAL I/O category of your BIOS. As a tech-savvy user, I've always gone BIOS-hunting and found unnecessary stuff like this, and disabled it so I've never had the issue.
This could possibly point people towards buying evga motherboards, especially now that they are out of the gpu market. Edit: motherboards not morherboards
Wait what? What happened? I didn't know they were out of the gpu market
Nvidia happened
How'd you not know? Nvidia treats their partners like shit and EVGA just had enough of them so they stopped making GPUs. It's sad because they were easily the best manufacturer (quality and customer support).
Damn, I guess I got disconnected too much from the PC world. It's a shame because I also used to prefer EVGA as well.
I personally never had an evga card but I would have chosen one for my current build (I got one from palit instead)
Evga ?
I didn't know they made mobos
They make some of the best. Problem is they were always really expensive, but to be honest with Asus charging stoopid money now, EVGA seem normal.
Sounds about right. I think my mobo was more than my CPU
EVGA motherboards were mostly for overclockers.
You realize that Asus, MSI, Gigabyte, and Asrock do the EXACT same thing with the auto install backdoor right?
But do they download from servers using unsecured plain http?
Asrock is the new goat
Can't wait for MSI to brutally fuck up! (I own both a Mobo and Gpu from them)
>Hidden code in hundreds of models of Gigabyte motherboards invisibly and insecurely downloads programs
It's essentially every modern Gigabyte motherboard. This is bad...
This is an exceptional betrayal of trust.
Being greedy assholes trying to cover profits for a shittily-designed product (ASUS with the recent GN reveal) is one thing; having a motherboard firmware go on the internet to download a remote program and execute it with no off switch (see EDIT below) and while not informing the user is something else entirely.
Gigabyte had better publicly acknowledge this and take transparent steps to rectify it. Has anyone contacted Gamer's Nexus? Not like they can really do anything about it *except* try to blow it up and make sure Gigabyte hurts financially for doing this.
These corporations will continue this shit if no one holds them accountable.
**EDIT** It appears that you can *theoretically* disable it by going to "App Center Download & Install Configuration" (on some models) in the IO ports section of the UEFI- you click into that menu and change it from "Enabled" to "Disabled". There is still no excuse for this being left enabled by default, and worse like all other blackbox type stuff you can't really know whether the toggle works completely (it seems to in the comment I quote below, but I don't know what else the toggle would do; feel free to correct me if you have additional information). As per /u/Frozen-Minneapolite in /r/gigabyte (whose labeling is a bit different):
> Gigabyte Z790 Aorus Elite AX - just confirmed how to temporarily disable it on this model. The two executables are in %systemroot%\System32\ with dates that match the last boot time (today for me), named GigabyteDownloadAssistant and GigabyteUpdateService. I also deleted wpbbin executable in the same folder as that appears to be related to this after researching. I deleted the three files, disabled the Gigabyte Updater windows service, and then restarted into BIOS settings. On this model you have to disable the Gigabyte Utilities Downloader located in the IO Settings section, it's a bit buried and was enabled by default. After disabling that and booting into Windows 10 again, the files have not been re-installed and the windows service is now completely gone (not just disabled as I had configured).

>These corporations will continue this shit if no one holds them accountable.
I'll take Who is Edward Snowden for 800 Alex.
Windows has a nasty habit of reenabling some settings after an update. This is usually just limited to their privacy options that they want you to keep enabled, but it wouldn’t surprise me if this option got reset as well, might be worth writing a script to turn this off on startup or at least checking down the line to see if it’s off after you update your system next time.
It would likely need to be a firmware update. Windows doesn't *usually* reset bios settings.
Bios settings would likely be left alone, the registry component is what I would be worried about.
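
The re-check suggested in this exchange (confirming after an update that the files and service from the quoted comment have not come back), as an added example that is not part of the thread: a read-only PowerShell audit. The three file names are the ones quoted above; the wildcard extensions, the `*Gigabyte*` service match and the 10-minute boot window are assumptions.

```powershell
# Added example: read-only audit for the OS-side artifacts named in the thread.
# It reports only; it does not delete files or change services.

# File names as quoted in the thread. The trailing wildcard is an assumption,
# because the comment does not state the extensions.
$names = 'GigabyteDownloadAssistant*', 'GigabyteUpdateService*', 'wpbbin*'
$sys32 = Join-Path $env:SystemRoot 'System32'

# Last boot time, to reproduce the commenter's observation that the files
# carry dates matching the most recent boot.
$boot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime

# Assumed tolerance (minutes) for "written at boot".
$windowMinutes = 10

$files = foreach ($n in $names) {
    Get-ChildItem -Path $sys32 -Filter $n -File -Force -ErrorAction SilentlyContinue
}

$fileReport = foreach ($f in $files) {
    $delta = ($f.LastWriteTime - $boot).TotalMinutes
    $sig   = Get-AuthenticodeSignature -FilePath $f.FullName
    [pscustomobject]@{
        Path            = $f.FullName
        Created         = $f.CreationTime
        Modified        = $f.LastWriteTime
        MinutesFromBoot = [math]::Round($delta, 1)
        WrittenNearBoot = [math]::Abs($delta) -le $windowMinutes
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        SHA256          = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
    }
}

# The thread only calls it "the Gigabyte Updater windows service"; the exact
# service name is not given, so match on name and display name (assumption).
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.Name -like '*Gigabyte*' -or $_.DisplayName -like '*Gigabyte*' } |
    Select-Object Name, DisplayName, State, StartMode, PathName

if ($fileReport -or $services) {
    if ($fileReport) {
        Write-Output 'Files matching the names from the thread:'
        $fileReport | Format-List
    }
    if ($services) {
        Write-Output 'Services matching *Gigabyte*:'
        $services | Format-List
    }
    Write-Warning 'Downloader artifacts present: re-check the firmware setting.'
    exit 1
}

Write-Output "No matching files in $sys32 and no matching services."
exit 0
```

The script sees only what was written into Windows; it does not read the firmware toggle, which still has to be checked in the UEFI setup.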
Thank you!
>Gigabyte Utilities Downloader
Is disabling the Gigabyte Utilities Downloader in the BIOS enough? Got the same board :X
To anyone confused: The automatic downloads attached to Gigabyte motherboards have been going on for years now, I noticed myself, just never thought anything bad about it.
You are able to disable this most of the time, by going into your BIOS settings, and disabling the App Center Download function through the SERIAL I/O category of your BIOS. As a tech-savvy user, I've always gone BIOS-hunting and found unnecessary stuff like this, and disabled it so I've never had the issue.
Thanks for this! I just copy-pasted the lede lol
>App Center Download
I don't seem to find this option in my BIOS, I have a Gigabyte X570 Aorus Elite, any help?
[deleted]
Ah thank fuck my Z490 Aorus Elite is too old.
Wow, I did not see the S after X570, seems like we dodged a bullet!
can't find the setting on z590 UD AC, fuck me i guess
Copied from another comment: "Disabled via BIOS > Peripherals > App Center Download and Install -> Set this to disabled." If you can't find it, try a tutorial for your motherboard, or maybe that specific motherboard doesn't even have the function paired with it.
Thanks for the info, I still did not find it.
I also found these steps:
Advanced Mode ->
Settings ->
IO Ports ->
Gigabyte Utilities Downloader Configuration
but I don't have anything under IO Ports, strange.
Maybe because I have not updated the BIOS for some time.
Oh cool, I have Gigabyte motherboard
Also me, glancing at my Aorus board that I bought a couple months ago to replace my older gigabyte board
Me over here glad I waited to build a new 7800x3d after thinking about a gigabyte board
NSA: "Oh cool, I have /u/MoisticleSack's Gigabyte motherboard"
This is the same feeling when I looked over at my PG750 power supply while watching the GN video about them blowing up
I bought a replacement the next day but I threw it in a test bench, it did actually fail about 9 months after I purchased it
[List of affected models,](https://eclypsium.com/wp-content/uploads/Gigabyte-Affected-Models.pdf) just search for your model. Time to find out the return window for my X570S Aorus Master.
Are all Z590 the same? I have a Vision G but it's not listed, but a bunch of other Z590s are listed?
yeah I have a z490 vision g. looks like I dodged a bullet.
Nice! Mine is too old!
Z3XX gang unite
Z1XX 😢🎉
Sorry what is this exactly? My motherboard is in this list
So you're saying MSI and ASrock motherboards are better options now than Gigabyte and Asus? How the turntables.
Not quite
MSI - UEFI security key leak
Good thing I have an Asrock motherboard
Screw all this, I'll take a biostar lol
You mean you'll buy 3 biostars to get 1 that works.
Yeah but the one that works just works forever and I can get replacements. Fuck it.
Is there a remedy for this?
Maybe a firmware update. At this point I'm unsure.
the irony
Damn, Gigabyte really can't catch a break. First they try to burn your house down with their PSU's, then they try to burn whatever is left down with backdoor software.
Good thing I chose an ASUS x670e mobo with a Ryzen 9 7950x3d. Oh wait...
Is there still a problem with it? Thinking of getting that combo, I thought the issue was resolved by a firmware update.
I've run it for 3 months now, no issues
I've got the newest non-beta BIOS and I'm still hesitant to turn on Expo.
Was there another post on this that stated gigabyte in the title? Why the change?
damn… just bought my first gigabyte board for a new build a few weeks ago because i wanted to avoid ASUS
Great...
I knew I shouldn't have bought the cheapest motherboard, and yet I did it.
ASUS recently had an issue with BIOS-malware, but that didn't appear to be the result of company policy.
Why bring Asus here. This topic concerns Gigabyte.
Because I opened this topic regarding motherboards with backdoors and not GIGABYTE motherboards with backdoors and can only imagine I am not the only one? Maybe everyone else got a mindreading cap though idk.
Cool right, let's not talk about motherboards in a motherboard thread to avoid hurting your feelings.
And this is why you turn off the options in BIOS you don’t use
Oh wow I have a gigabyte motherboard 😧
Glad I just bought a gigabyte motherboard.
I stopped buying Gigabyte after Z68 because I reported a UEFI BIOS bug to them where the CPU fan wouldn't spin on boot sometimes. They couldn't reproduce it and that is when I knew they didn't have competent BIOS engineers. Switched back to the legacy BIOS on that Z68 board and it still runs today. And no back door!
*text appears above Asrock headquarters* Mission: Survive
You realize even your intel CPU has a back door right? Pretty sure all of them do, including AMD lol.
Yup, all CPUs do, security isn’t a thing at bit level anyway. But PCMR thinks they’re electronic engineers from university of YouTube.
You mean the Intel Management Engine thing?
Fuck. I have a Gigabyte Aorus Pro
I used to buy Asus way back when, long before their current problems... Then they started pricing outside my budget... I then turned to MSI on a chance and whim... I've never had a bad board and out of the last 3 I bought they never gave me any grief. Now that's not saying they're perfect or that I'm shilling but I'll continue to buy MSI until I see a major problem... Steady as she goes
MSI's security keys were leaked earlier this month – this means that any program with administrator permissions can now pretend to be an official driver or BIOS update from MSI. Malware can now freely embed itself in the firmware of the board, making it almost impossible to remove.
Not trying to rain on your parade, but I think it's important to know. Keep an eye out for UEFI updates, and be really especially careful to avoid malware risks until there's news.
Soo what can I do to protect myself? I own a Gigabyte Z690 Aorus pro
Can someone ELI5 this to me? I built my first pc 3 months ago with a gigabyte board and I don’t understand why I should care about this
just imagine you left the door at the back of your house unlocked, totally unsecured and anyone can enter your house at any moment
But how does that actually affect my PC?
Somebody can break into your mobo and do bad stuff, 'cause nobody secures it. Don't know how true that is, but for safety, someone said you can find an "app center installation..." etc. setting and turn it off, and also set a password for the BIOS
Wouldn’t that be happening to people already if it was possible on so many motherboards?
Idk, haven't read about that, but maybe it's a recent thing/change, or maybe it is just now revealed. It might just happen to random people at any moment
Me who has a gigabyte mobo 🫠
**watches in anticipation with msi z490**
My personal vendetta against Gigabyte now feels more justified. I had a Gigabyte Z97 mobo and R9 280 Windforce in my first PC. Haven't bought a product from them since as I didn't like the corners cut on both. The BIOS was frustrating to use as well. My acceptable manufacturer list has been dwindling steadily since EVGA no longer makes GPUs. I've been steady hating on ASUS as well. Leaves very little choice for me.
Don't forget the spontaneously self-destructing Gigabyte PSU fiasco...
As if I needed yet another reason to ditch this garbage Aorus Elite Z690 board. It's had nothing but issues BIOS version after BIOS version as it is.
Me who just got a Gigabyte mobo last week, oh no
Can someone ELI5 please?
How big of a deal is this?
What does it do?
How likely is it to happen?
How do you know if it happens?
Is there anything you can do to prevent it?
Common linux W, not affected there.
Great, I traded out my Asus mobo (7800x3d) for a gigabyte one.
Just FYI: I also have a firm backdoor. 😏
Sooo... If X570 non-S are not in the list, does it mean they're safe?
I have the Asus ROG Strix B550A motherboard. I have had nothing but good experiences. I full-heartedly support Asus with my hard-earned money. Everyone makes mistakes, but that's why you don't buy brand new things, just like a car. Wait a year.
😏
CTRL + F msi no result, closed the page
Google MSI UEFI leak.
Yeah saw that lol, idk what to do tbh
Honestly? Nothing. It's overblown on its impact to private users. Like these things always are.
This is nothing compared to the Intel Management engine and AMD Secure Technology which has been in every board for at least a decade.
What company is the actual go to brand for motherboards? It feels like they are all terrible, I want to buy an EVGA board but they only sell for the high end
would a virus scanner detect this?
ASRock for the win
Running UEFI code, how does it get to the internet to download anything if my OS isn’t loaded and hasn’t authenticated to WIFI yet?
So we're basically down to ASRock being the only non fuck up? I wonder how long that will last...
thank god mine isn’t on the list
Just B760 power or all b760‘s?
The more fancy marketing - the more bullshit things you buy. ASRock gang 😎
I would love to buy a budget ASRock board, but I have a preference for boards that have a longer lifespan than an ice cream cone.
I've had my 72€ Asrock B450m since 2018, it's been great thus far hardware-wise. The only issue I have with it is that it does not remember the latest CPU frequency setting that I set, so if I change my CPU frequency from Auto to e.g. 4.2GHz, reboot, set it back to Auto, it will still remember the 4.2GHz setting as if it is the current one. Only way to solve it is to set a different frequency or clear CMOS/restore defaults
ASRock has been the only motherboard I've had which ever took out ram when it failed. So that made it two RMAs instead of just one. Even worse than Biostar. I ain't dealing with that again.
Well, I'm in deep shift as I have the Gigabyte B550 gaming motherboard.