Serious Security Flaw Exposes Lenovo

Lenovo.jpg

It seems like geek technology is wrecking havoc in surprisingly alarming ways, and to be fair, while most of the stories out there can be described as nothing but alarmist garbage, every once in a while, we come across some stories about technology that can simply be described as grimy and un-American.

As many of you (pretend to) know that Lenovo is the world’s largest PC maker. The company has also been recently involved in some unethical behavior, which falls under the list of the un-Americanism we had previously mentioned. The news of the newest technology security flaw comes only three months after the company found itself in hot water for being implicated in pre-installing dangerous adware onto their own systems.

Once again, the manufacturing giant has been accused of putting its users at risk with a serious security flaw which has been discovered only recently. The flaw in question allows Lenovo’s own product update service to enable hackers to download malware onto their computer system via a MiTM or man-in-the-middle attack. The recent gaps in the security of Lenovo’s devices was found just weeks after the controversial “Superfish” malware was found on Lenovo’s systems. Surprisingly, the well-documented Superfish security flaw had also led to many systems being attacked with the same MiTM.

The security flaw was revealed by two researchers from a security firm IOActive, Sofiane Talmat and Michael Milvich, who both stated that the recent security flaw that has been found in Lenovo’s systems is very serious since high severity vulnerabilities were found on the system’s own update service. According to Talmat and Milvich, while the update feature allows users to install the latest drivers along with other software for their system, it also includes a security gap which enables hackers to take advantage of the system.

Both security analysts found the flaw in Lenovo back in February and waited for the company to take action by patching up the very serious vulnerability. But, after months of waiting, the two decided to come out with their findings after Lenovo showed no signs of fixing the security flaw in their system. And while Lenovo provided a security patch last month which addresses the issue, Lenovo users are still complaining that while the patch does fix the issue, it has to be downloaded to protect their systems.

And that’s not all. The two security experts found not only one security flaw in Lenovo’s system, but two. The first one codenamed CVE-2015-2219 is a general weakness in the core of Lenovo’s security system, which allows least privileged users to gain access to Lenovo computers at a high level, and then runs malware commands and programs without the user ever knowing what happened.

The second security flaw which was found by the two has been codenamed CVE-2015-2233 and allows not only local but also remote hackers to easily bypass the system’s signature security checks and replace the validation checks with malware that infects the whole system. And it only gets worse for Lenovo, as a third security flaw codenamed CVE-2015-2234 was also revealed by the security firm, which allows unprivileged users to execute commands as a system administrator. All of these problems affect Lenovo’s new technology 2015 system update 5.6.0.27 along with earlier versions of system updates as well.

According to the researchers, the attackers are able to create a fake security certificate which is then used against the system since Lenovo doesn’t perform a thorough check on the executables after they have been downloaded through the system update.

Remote hackers who are able to perform a MiMA attack, which is more popularly referred to as a coffee shop attack can then exploit this to swap the system’s executables with the executable containing the malicious software. The company has been plagued by security issues that don’t seem to go away, and these recently found flaws aren’t doing much to help Lenovo win back the trust of their faithful users. In recent months, the company has been criticized by users as well as security experts due to the many security related flaws that have been found in Lenovo’s computers.

For More Information: http://www.technogigs.com/

 
0
Kudos
 
0
Kudos

Now read this

Vega Sport Electrolyte Hydrator-Berry Flavor

Recovering from strenuous post workouts situation is very hard and you need to find the right way for speeding up the process. During post workout sessions, your body is extremely exhausted, worn out and needs time to retain back its... Continue →