The flaws allow an attacker to write malicious content to the UEFI firmware which makes it a doddle to install UEFI ransomware and prevent the BRIX devices from booting.

The Cylance researchers say the same flaws can be used to plant rootkits that allow attackers to persist malware for years. The two vulnerabilities discovered are CVE-2017-3197 and CVE-2017-3198.

CVE-2017-3197 exists because Gigabyte failed to put write protection on its UEFI firmware. The second vulnerability is because they forgot to implement a system that cryptographically signs UEFI firmware files.

Cylance claims that Gigabyte uses an insecure firmware update process, which doesn't check the validity of downloaded files using a checksum and uses HTTP instead of HTTPS.