Lenovo Covertly Downloading, Installing Software on Its Windows PCs: Reports

  • Thread starter Thread starter Sarkar
  • Start date Start date
  • Replies Replies: Replies 2
  • Views Views: Views 1,146

Sarkar

Member
Joined
1 Jun 2013
Messages
11,003
Reaction score
11,367
lenovo_superfish_vulnerability.jpg


Lenovo has reportedly been caught using a "rootkit-like" technique to forcefully install a bunch of software on its Windows-powered machines. The largest PC vendor is said to be using the BIOS to track a certain application in Windows' system files and overwrite it on boot up with its own programs. Furthermore, the mechanism the company utilises to tweak the BIOS is vulnerable and can be used to install malicious code. Lenovo has issued a patch to remove the vulnerability, but users will have to download and install it manually.

Multiple users report that the Chinese computer manufacturer is covertly installing its software on Windows-powered computers. One person who goes by the username 'chuckup' on Hacker News, notes that a Lenovo service gets installed on the machine even after performing a clean OS install on a new SSD using a Windows 8 DVD. The company is installing an application called "Lenovo Updater" using a mechanism that appears to resemble a rootkit, an unauthorised way to gain access, on its computers using something called Lenovo Service Engine (LSE) to download a program called OneKey Optimiser (OKO).

Here's how the company describes this application, it "is powerful, next-generation system optimization software designed specifically for Lenovo computers. It can enhance your PC's performance by updating firmware, drivers, and pre-installed apps. It also provides power management schemes that can extend the life of your battery." But that's not all. As The Next Web, points out the application also sends data to Lenovo server to help them "understand how customers use [their] products." A predefined setting made to the BIOS forces it to verify a program called "autochk.exe" (found here: Windows\system32) to see whether it is signed by Microsoft or Lenovo. In case of the former, it seemingly overwrites the file with its own.

This application then creates LenovoUpdate.exe and LenovoCheck.exe programs which further download more files when the computer establishes a connection with the Internet.

If that wasn't dubious enough, a vulnerability was found in the way Lenovo uses Lenovo Service Engine to download files. The company issued a patch to remove the functionality on July 31, but it will have to be downloaded and installed manually. An advisory on Lenovo's official support site notes that a number of laptops and desktops including Yoga 3 14 and Z70-80 / G70-80 are vulnerable to the attack.

The vulnerability once again raises concerns about an OEM's authority over the software it loads on its systems. Lenovo was widely criticised earlier this year over the Superfish fiasco wherein one of the apps it preloaded was categorised as adware.

Microsoft allows manufacturers to make changes to BIOS and even allows them to push software for installation from BIOS. However, a manufacturer ideally needs to update the mechanism if a vulnerability is detected in it.

Lenovo Covertly Downloading, Installing Software on Its Windows PCs: Reports | NDTV Gadgets
 
Using a Lenovo PC or Laptop? You Need to Read This


lenovo_horizon_2.jpg



Lenovo has urged its users to download the latest BIOS firmware update that disables a controversial "unwanted software" from its machines. Amid strong criticism after the revelation of "surreptitious" installation of certain programs in a large number of Lenovo PCs and laptops, the world's largest PC manufacturer has broken its silence on the matter.

The company was thrown under the last week when several users started to report that the PC manufacturer was using a "rootkit-like" technique to forcefully install a bunch of software on its Windows-powered PCs and laptops. Lenovo was using BIOS to keep track of certain applications on Windows' system files and overwrite it on boot-up with its in-house alternative called Lenovo Service Engine (LSE).

Furthermore, a vulnerability was found in the way the company was tweaking the BIOS. The vulnerability, if exploited, allowed an attacker to gain admin-level access of the system and install malicious code. Lenovo issued a patch to fix it on July 31, but it requires manual installation.

In a public announcement, the company has now said that its latest BIOS firmware, which was released on July 31, disables the script which allowed automatic reinstallation of unwanted software even after a full Windows wipe. The vulnerability affected a large pool of Lenovo PCs and laptops including Flex 3 1120, Yoga 3 11, and Horizon 2 27 among others. All the new laptops that shipped after June 2015 aren't affected with the said vulnerability.

"The vulnerability was linked to the way Lenovo utilised a Microsoft Windows mechanism in a feature found in its BIOS firmware called Lenovo Service Engine (LSE) that was installed in some Lenovo consumer PCs. Think-brand PCs are unaffected," wrote Lenovo.

"Lenovo and Microsoft have discovered possible ways this program could be exploited in the Lenovo Notebook implementation by an attacker, including a buffer overflow attack and an attempted connection to a Lenovo test server."

The update firmware is available to download from company's website. Depending on the configuration of your BIOS, Lenovo has also put up instructions to help you install the update on your machine.

The full list of impacted products is as follows:

Lenovo notebooks: Flex 2 Pro 15 (Broadwell), Flex 2 Pro 15 (Haswell), Flex 3 1120, Flex 3 1470/ 1570, G40-80/ G50-80/ G50-80 Touch, S41-70/ U41-70, S435/ M40-35, V3000, Y40-80, Yoga 3 11, Yoga 3 14, Z41-70/ Z51-70, Z70-80/ G70-80.

Lenovo desktops (world wide): A540/ A740, B4030, B5030, B5035, B750, H3000, H3050, H5000, H5050, H5055, Horizon 2 27, Horizon 2e (Yoga Home 500), Horizon 2S, C260, C2005, C2030, C4005, C4030, C5030, X310 (A78), X315 (B85).

Lenovo desktops (China only): D3000, D5050, D5055, F5000, F5050, F5055, G5000, G5050, G5055, YT A5700k, YT A7700k, YT M2620n, YT M5310n, YT M5790n, YT M7100n, YT S4005, YT S4030, YT S4040, YT S5030.

This is the second time the company has been caught indulging in installation of "unwanted software" on its machines. In February, Lenovo was found shipping its Windows-powered machines with an adware called "Superfish" pre-installed.

Using a Lenovo PC or Laptop? You Need to Read This | NDTV Gadgets
 
Back
Top Bottom