
Z390 Has Security Hole

btrach144
Level 7
According to TechNet, all Z390 boards now inject files directly into new Windows installations. This has major security concerns due to not being able to tell if the files have been compromised, GDPR compliance being broken, and the assumption that this will be compliant with future releases of Windows. This feature is enabled by default in the BIOS.

UEFI Rootkit exploits are now becoming real.

https://www.techpowerup.com/248827/asus-z390-motherboards-automatically-push-software-into-your-wind...

By default, this feature should be turned off and ASUS could avoid a lot of the bad press they're about to get.

Korth
Level 14
https://www.welivesecurity.com/wp-content/uploads/2018/09/ESET-LoJax.pdf
https://cdn1.esetstatic.com/ESET/US/resources/datasheets/ESETus-datasheet-lojax.pdf

LoJax has been around since at least 2009. Why do you specifically say it affects Z390?
"All opinions are not equal. Some are a very great deal more robust, sophisticated and well supported in logic and argument than others." - Douglas Adams

[/Korth]

Korth wrote:
https://www.welivesecurity.com/wp-content/uploads/2018/09/ESET-LoJax.pdf
https://cdn1.esetstatic.com/ESET/US/resources/datasheets/ESETus-datasheet-lojax.pdf

LoJax has been around since at least 2009. Why do you specifically say it affects Z390?


Not saying this is specific to LoJax, but overall ASUS seems to have ignored a couple of best practices when designing this feature. It seems like they had good intentions but didn't fully assess the risk.

MrAgapiGC
Level 13
I read the article. If the app installs drivers without internet, it means that there is a section of the board that has the first drivers and the app itself and is self-contained. I do not see an issue here, unless it is loaded by default at the factory. That will be the source of the exploit. Yes, it is a concern. I use Secure Boot. And also the only way to corrupt this is hacking the ASUS website. That will be the same as the Windows Update platform, since drivers and updates for the app are from the MS Store, and get downloaded on internet access FROM the MS Store.

I have to read more about this. I see this app as a blessing, and all drivers will be updated. There is more chance of getting this exploit from installing programs from Mega or any other download services or torrents; Secure Boot has been working for me, since I use torrents a lot for sending and getting files that need a lot of space.

Yes, it is a concern, and ASUS should work twice as hard at keeping this CRATE app safe. It is an app sent to the Windows routine that connects to ASUS websites and MS drivers. Remember, ASUS DOES NOT update drivers frequently. There is a huge effort from the community for Z170/Z270/Z370 and now Z390 and its equivalents on the Strix, in here, making sure that drivers are updated. That is a huge effort for us. This app can be a double dagger, but well taken care of it is a huge advantage for us. Just these last weeks I have got drivers that are 2 years behind the ASUS website. My computer, aside from some bugs, is updated. And I am not defending anyone.

If this works, other platforms will join, like X99, X299 and X370, since X470 has this app, in a rudimentary way in the x490. For the moment Z390 is the second wave to make this happen and I like it. But ASUS should make this advantage safe.
Learn, Play Enjoy!

Vlada011
Level 10
Don't spread panic around security holes any more.
We are not an interesting population for anyone to hack.

Korth
Level 14
LoJax and similar firmware attacks require either physical access or user incompetence to get installed on a machine. Whatever ASUS (and every other mobo maker) has been implementing in BIOS over the last decade seems to be doing fairly okay in securing the vast majority of users from these attacks, lol.

You could always cut the "Write Enable" trace(s) to your mainboard BIOS chip(s), wire in electrical switch(es), make it physically impervious to (re)writing firmware without explicit user knowledge and explicit user permission. I've done it before on old boards - admittedly I don't know if it would break something in this era of complex interactive UEFI/BIOS firmwares.
"All opinions are not equal. Some are a very great deal more robust, sophisticated and well supported in logic and argument than others." - Douglas Adams

[/Korth]

Carlyle2020
Level 10
I humbly want to mention that there are Europeans who just wait for such a GDPR breach to make an example. The Hamburg ones especially. Please do not give them that satisfaction, and move the feature to the top of the BIOS and, sadly, deactivate it by default. But I fear it is already too late, since we get the board already wrongfully (some might even exaggerate and sadly say illegally) preconfigured. That one will bite you in the behind.

Rgds
A fanboy

CharlieHQ
Level 7
this remind of off hillary supporters. Panicking and posting for no reason. Like he was using a CIA computer with ASUS mobo. No one give a crap about some kid in his mom basement. lmfao

CharlieHQ wrote:
this remind of off hillary supporters. Panicking and posting for no reason. Like he was using a CIA computer with ASUS mobo. No one give a crap about some kid in his mom basement. lmfao


hillary supporters? If you're going to make stupid political comparisons on a tech site at least capitalize proper nouns. Better yet, keep them to yourself.

i9 12900k + Asus Maximus Z690 Apex + EVGA RTX 3090 Ti FTW3 ULTRA
G.SKILL Trident Z5 RGB Series 32GB (2 x 16GB) DDR5 6000l XMP 3.0 Desktop Memory Model F5-6000U4040E16GX2-TZ5RK+ Samsung 870 Pro SSD, EVO 1TB, EVO 2TB
EVGA SuperNOVA 1000 T2 Power Supply + Fractal Meshify 2 XL case
Ek Velocity 2 CPU block, Ek GPU block
Koolance Fittings and QDC's + Mo-Ra 3 Pro 4x180 Radiator
LG 38GL950G Monitor +
Windows 10 Pro

HiVizMan
Level 40
OK guys, let's just remember this is a support forum. Keep it simple and keep it polite at all times.

I will investigate progress and once I have anything to add that is constructive to this discussion I will inform all.

Thanks guys.
To help us help you - please provide as much information about your system and the problem as possible.