We now have 2025 and gigabyte had enough time to do something with their rgb software. Did they make anything better or is it still unuseable?

Hey all, so I recently bought an AORUS B550 Elite V2 for my new 5600X build. Board itself is great, build quality is good and feels very substantial. The build itself went well, no hiccups to speak of.

That is until RGB Fusion 2.0 came into the picture. I have 5 RGB fans that are controlled off the motherboard, it's a 5-pack of some Bitspower (Touchaqua) Notos 120 DRGB fans. I have them running off the included fan control board that came with the case (Fractal Meshify S2) and am just passing the PWM values from the MB and to the fan control board. RGB control is coming from the 5v header on the MB and is being passed to the RGB control board that came with the 5 pack of fans.

Initially everything was going fine. I installed RGB Fusion 2.0 and, while it seemed a little odd that it needed admin privileges to run, I figured it was because it had to access the SMBus or something similarly close to metal. Worked fine initially, the different control options were cool and the music reactive mode was a neat feature. Got that and the Corsair iCUE software set up for my RGB AIO pump and it was off to the races. For about two weeks everything was fine. I could open both programs, change stuff, save it, redo it, everything. But just yesterday I attempted to open the RGB Fusion 2.0 software, and after hanging on the "Please Wait..." screen, my desktop flips out. Icons are gone, taskbar turns completely black, start menu doesn't contain anything, and all the while RGBF2.0 is frozen at the Please Wait screen. I try to open task manager to kill whatever is happening but it's never able to open. After about a minute of my computer having a stroke, I get a BSOD, CRITICAL_PROCESS_DIED. And a restart.

Thank god I didn't have RGBF2.0 set to run on startup because my machine would've been soft bricked. Attempting to open RGBF2.0 now immediately results in a CRITICAL_PROCESS_DIED BSOD and it seems like there's nothing I can do about it. Ran SFC, nothing. Removed iCUE (as I figured it might be a conflict?) nothing. Removed and reinstalled RGBF2.0, nothing. Ran Windows Fresh Start, nothing. Decided to nuke it and just reinstall Win10 completely, nothing. My next plan is to try and reflash the BIOS as it seems like this software might've done something very, very, very bad to some sort of low-level device (SMBus or something similar, mentioned earlier) But i'm seriously afraid of touching anything now that these firmware devices are in such a fragile, partially broken state because...

-start of security rant-

Since then I've done some heavy reading and apparently this software is held together with twigs and scotch tape and does some really, really lazy and dangerous things in order to control the RGB headers. I really suggest you read the article, it's a two-minute read and exposes all sorts of lazy, corner cutting crap. Like, RGBF2.0 pushes entire firmware blobs to the board just to change the color of the LEDs. If you like security research and want to read into why this is so, so SO SO SO INCREDIBLY BAD, you can read Graham Sutherland's informal infosec report here

I'm seriously floored by this, this is like shorting connections on your home's circuit breaker in order to turn your kitchen lights on and off.

I don't know why the software is still so dangerous, or why there hasn't been a class action lawsuit over Gigabyte's negligent behavior regarding this, but this is SERIOUSLY DANGEROUS. The guts of RGBF2.0 were spilled in 2019 and NOTHING has been done to fix it. Even better, this software could EASILY brick your motherboard, because a TON of low-level firmware devices are exposed in order to change the color of the LEDs. Anything goes wrong or gets corrupted during that transfer? Congrats, your PCH firmware is gone. Or your CMOS settings. Or any number of firmware devices.

I'm surprised nobody is currently, actively, daily working on a script to take malicious control over the RGBF2.0 software winkity wink. You would be able to control OR permabrick anybody's AORUS motherboard. It would be easy, some random attacker would already know that most of you guys on here have AORUS equipment! And you probably have RGBF2.0 installed to control your LEDs! That's all the info they would need! Just have to trick you into installing a program that swaps the firmware in the RGBF2.0 folder or interrupting it's SMBus pushes, and it's off to the races. Because guess what, the malicious program doesn't even need admin rights to perform it's dirty work because RGBF2.0 has already exposed your firmware devices to user-mode programs. The next time you change the color of your LEDs, you can kiss your PC goodbye! Isn't that SO cool?!?

Gigabyte, I want to hear a response from you regarding this. This is criminally negligent. You've known about these gaping security holes for over two years now and you still refuse to address it. You've been damn lucky that nobody has taken advantage of your laziness (yet!) and I'm more shocked that nobody has taken you to court over this. This could seriously hurt people, I know most of us on here just use our PCs for gaming, but I'm sure somebody, somewhere is using a AORUS motherboard for a critical application and a security hole like this could mean absolute catastrophe for them or others. Pay your developers more, or use proper third party programs to control your hardware, or don't have RGB support at all if this is how you're going to treat it. This is a relatively easy fix, I don't know why you refuse to acknowledge the issue or do anything about it. Seriously Gigabyte, this is dangerous and embarrassingly bad.

-End of security rant-