Researchers identify "backdoors" in Gigabyte motherboards

Risk

If exploited, these flaws could allow attackers to gain unauthorized access to sensitive information or, more generally, cause problems.

Information was recently released that researchers at Eclypsium have identified anomalous behaviour in systems built on Gigabyte motherboards.

The researchers state that they found the UEFI firmware used on these boards replacing and launching an executable for the Windows platform, all without notifying the user during system startup. Moreover, the launched executable was itself downloaded from the network and then launched third-party executables.

A more detailed analysis of the situation showed that identical behaviour occurs across hundreds of different models of Gigabyte motherboards and is tied to the operation of the App Center application that the company ships.

Eclypsium's platform recently began detecting suspicious backdoor-like behaviour inside Gigabyte systems in the wild. These detections were driven by heuristic detection methods, which play an important role in catching new and previously unknown supply-chain threats in which legitimate third-party products or technology updates have been compromised.

Regarding the process: the executable is embedded in the UEFI firmware and is written to disk during system initialization at boot. At the driver initialization stage (DXE, Driver Execution Environment), the WpbtDxe.efi firmware module loads this file into memory and registers it in the WPBT ACPI table, whose contents are later loaded and executed by the session manager (smss.exe, the Windows Session Manager Subsystem).

Before loading, the module checks that the "APP Center Download & Install" option has been enabled in the BIOS/UEFI, since it is disabled by default. During startup on the Windows side, the code replaces an executable file on the system, which is registered as a system service.
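The chain described in the two paragraphs above (WpbtDxe.efi records the binary in the WPBT ACPI table, smss.exe later runs it) is something a defender can inspect directly, because the table is readable from the running OS. The following Python is an added example, not Eclypsium's or Gigabyte's code: it parses a WPBT table dumped from firmware (on Windows via kernel32's GetSystemFirmwareTable, on Linux from /sys/firmware/acpi/tables/WPBT) and lists what an analyst would check next. The field layout follows revision 1 of Microsoft's WPBT specification as I recall it, so verify the offsets against the published spec; the sample table, its OEM strings, sizes, address and command line are all constructed for the example.

```python
import struct

# ACPI standard table header (36 bytes, little-endian): signature, length, revision,
# checksum, OEM ID, OEM table ID, OEM revision, creator ID, creator revision.
_HEADER = struct.Struct("<4sIBB6s8sI4sI")
# WPBT body that follows the header (revision 1 layout from Microsoft's WPBT spec, as
# recalled; assumption to check against the published spec): handoff memory size (u32),
# handoff memory physical address (u64), content layout (u8), content type (u8),
# command-line length in bytes (u16), then a UTF-16LE command line.
_BODY = struct.Struct("<IQBBH")

CONTENT_LAYOUT = {1: "single PE image"}
CONTENT_TYPE = {1: "native user-mode application (launched by smss.exe)"}


def acpi_checksum_ok(table: bytes) -> bool:
    """An ACPI table is well-formed when all of its bytes sum to 0 modulo 256."""
    return sum(table) % 256 == 0


def parse_wpbt(table: bytes) -> dict:
    """Decode a raw WPBT table into its fields; raises ValueError on malformed input."""
    if len(table) < _HEADER.size + _BODY.size:
        raise ValueError("buffer too short to hold a WPBT table")
    sig, length, rev, _chk, oem_id, oem_tid, _orev, _cid, _crev = _HEADER.unpack_from(table, 0)
    if sig != b"WPBT":
        raise ValueError(f"not a WPBT table (signature {sig!r})")
    if length != len(table):
        raise ValueError("header length field does not match buffer size")
    size, addr, layout, ctype, cmd_len = _BODY.unpack_from(table, _HEADER.size)
    cmd_off = _HEADER.size + _BODY.size
    if cmd_off + cmd_len > len(table):
        raise ValueError("command line runs past end of table")
    cmd = table[cmd_off:cmd_off + cmd_len].decode("utf-16-le").rstrip("\x00")
    return {
        "revision": rev,
        "oem_id": oem_id.rstrip(b"\x00 ").decode("ascii", "replace"),
        "oem_table_id": oem_tid.rstrip(b"\x00 ").decode("ascii", "replace"),
        "checksum_ok": acpi_checksum_ok(table),
        "handoff_size": size,
        "handoff_address": addr,
        "content_layout": CONTENT_LAYOUT.get(layout, f"unknown ({layout})"),
        "content_type": CONTENT_TYPE.get(ctype, f"unknown ({ctype})"),
        "command_line": cmd,
    }


def triage(table: bytes) -> list[str]:
    """Findings an analyst wants from a WPBT dump. Any WPBT at all means the firmware
    hands a Windows binary to smss.exe at boot, so mere presence is the first finding."""
    info = parse_wpbt(table)
    findings = [f"WPBT present: firmware injects a {info['content_type']} "
                f"of {info['handoff_size']} bytes at 0x{info['handoff_address']:X}"]
    if not info["checksum_ok"]:
        findings.append("ACPI checksum invalid: table may be corrupted or hand-patched")
    if info["command_line"]:
        findings.append(f"binary is started with arguments: {info['command_line']!r}")
    findings.append(f"next step: dump {info['handoff_size']} bytes at the handoff address "
                    "and check the PE's Authenticode signature and vendor")
    return findings


def build_sample_wpbt(handoff_size: int, handoff_addr: int, cmd: str = "") -> bytes:
    """CONSTRUCTED sample, not a table captured from real Gigabyte firmware: builds a
    revision-1 WPBT with a correct checksum so the parser can be exercised offline."""
    cmd_bytes = cmd.encode("utf-16-le")
    length = _HEADER.size + _BODY.size + len(cmd_bytes)
    header = _HEADER.pack(b"WPBT", length, 1, 0, b"SAMPLE", b"WPBTTEST", 1, b"TEST", 1)
    body = _BODY.pack(handoff_size, handoff_addr, 1, 1, len(cmd_bytes))
    raw = bytearray(header + body + cmd_bytes)
    raw[9] = (-sum(raw)) & 0xFF  # checksum byte sits at offset 9 of the ACPI header
    return bytes(raw)


SAMPLE_TABLE = build_sample_wpbt(0x2000, 0x7F000000, "-silent")

if __name__ == "__main__":
    for line in triage(SAMPLE_TABLE):
        print(line)
```

On a real machine the same parser is fed the bytes returned by GetSystemFirmwareTable('ACPI', 'WPBT') or read from the sysfs path; a table that parses but whose handoff PE is unsigned or not from the board vendor is the case the article describes.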

Our follow-up analysis found that the firmware in Gigabyte systems downloads and runs a native Windows executable during the system boot process, and that this executable then downloads and runs additional payloads in an insecure manner.

After the GigabyteUpdateService.exe service starts, updates are downloaded from Gigabyte's servers, but this is done without properly verifying the downloaded data with a digital signature and without encrypting the communication channel.

In addition, downloading over plain HTTP without encryption was permitted, and even when the file was fetched over HTTPS the certificate was not validated, allowing the file to be swapped in a MITM attack and code to be placed for execution on the user's system.
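The weaknesses in the two paragraphs above (plain HTTP, HTTPS whose certificate is never validated, and no signature check on the file) each come down to a line or two of client code. The following Python is an added example and not Gigabyte's updater: it puts the weak TLS configuration beside the hardened one so both are recognisable in review, and gates a fetched update on its transport and on a digest pinned in the client before anything is written to disk or run. The URL, payload and digest are constructed; in a real updater an asymmetric signature over the file, verified with a pinned public key, takes the place of the pinned hash.

```python
import hashlib
import hmac
import ssl

# Constructed sample standing in for a downloaded update (not a real Gigabyte binary).
# The digest would be shipped inside the client, never fetched from the same server.
SAMPLE_PAYLOAD = b"MZ\x90\x00" + b"constructed update body for the example"
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_PAYLOAD).hexdigest()


def weak_context() -> ssl.SSLContext:
    """HTTPS 'without certificate validation': TLS is negotiated, but any certificate,
    including one minted by an on-path attacker, is accepted. Shown so the pattern is
    easy to spot in code review, not for use."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False   # must be cleared before verify_mode may become CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Certificate must chain to the system trust store, hostname is checked, TLS >= 1.2."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED and check_hostname=True by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_hardened(ctx: ssl.SSLContext) -> bool:
    """Review check: does this context actually authenticate the server?"""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def payload_matches(payload: bytes, expected_sha256_hex: str) -> bool:
    """Constant-time comparison of the downloaded file's digest against the pinned value."""
    return hmac.compare_digest(hashlib.sha256(payload).hexdigest(), expected_sha256_hex)


def accept_update(url: str, payload: bytes, expected_sha256_hex: str) -> tuple[bool, str]:
    """Gate an update before it touches disk: plaintext transport is refused outright,
    and the content must match the pinned digest regardless of how it arrived."""
    if not url.lower().startswith("https://"):
        return False, "refused: plaintext HTTP transport"
    if not payload_matches(payload, expected_sha256_hex):
        return False, "refused: digest mismatch, file altered or not the expected build"
    return True, "accepted"


if __name__ == "__main__":
    good_url = "https://updates.example.invalid/Update.exe"   # constructed URL
    print(accept_update("http://updates.example.invalid/Update.exe", SAMPLE_PAYLOAD, SAMPLE_SHA256))
    print(accept_update(good_url, SAMPLE_PAYLOAD + b"\x00", SAMPLE_SHA256))
    print(accept_update(good_url, SAMPLE_PAYLOAD, SAMPLE_SHA256))
    print("hardened:", context_is_hardened(hardened_context()), "weak:", context_is_hardened(weak_context()))
```

The transport check and the content check are deliberately independent: a validated TLS connection only proves who served the file, while the pinned digest (or a signature) proves the file is the one the vendor built, which is what protects against a compromised update server as well as an on-path attacker.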

This backdoor appears to implement intentional functionality and would require a firmware update to remove it completely from affected systems. Although our ongoing investigation has not confirmed exploitation by a specific threat actor, an active, widespread backdoor that is difficult to remove poses a supply-chain risk to organizations with Gigabyte systems.

To complicate matters, fully eliminating the problem requires a firmware update, since the logic that executes third-party code is built into the firmware itself. As a temporary protection against MITM attacks, Gigabyte board users are advised to block the URLs mentioned above at the firewall.

The presence in the firmware of an automatic update service that is forcibly integrated into the system, something Gigabyte is aware of, is dangerous because a compromise of the company's infrastructure or of any member of the supply chain could lead to attacks on users and organizations, since at the moment it is launched the malware is not controlled at the operating-system level.

As a result, any threat actor could use this to persistently infect vulnerable systems, whether through MITM or through compromised infrastructure.

Finally, if you would like to know more about it, you can consult the details at the following link.
