SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
6 May 2015

Lenovo computers have another massive security risk

Three months after Lenovo was called out for installing dangerous software onto its computers, the world's largest PC manufacturer has once again been accused of lax security measures.

Security firm IOActive reports that it discovered major vulnerabilities in Lenovo's update system that could allow hackers to bypass validation checks, replace legitimate Lenovo programs with malicious software, and run commands from afar.

Through one of the vulnerabilities, IOActive researchers explained that attackers could create a fake certificate authority to sign executables, allowing malicious software to masquerade as official Lenovo software. Should a Lenovo owner update their machine in a coffee shop, another individual could conceivably use the security hole to swap Lenovo's programs with their own — what the researchers call the "classic coffee shop attack." The security hole, along with others described by IOActive, are present in Lenovo System Update 5.6.0.27 and earlier versions.

Lenovo, the largest PC manufacturer in world, was accused of fatally compromising user security by installing an adware application on all its Windows computers as they leave the factory. The vulnerabilities, which were discovered by the security specialists in February, were brought to Lenovo's attention at the time in order to allow the Chinese firm to develop a fix. Back in February, Superfish caused a major fracas as it turned out to be preinstalled adware that stole private information from Lenovo’s Windows laptops – and while the PC vendor initially denied the software was anything malicious, it quickly backtracked and ditched the program.

The company issued a patch last month that removes the bugs, but owners of Lenovo machines will need to download the security update themselves in order to avoid having their computers compromised by what IOActive calls a "massive security risk." Lenovo may have reacted quickly to the problems, but as the world's number one PC manufacturer tries to grow even bigger, it's yet another embarrassing security hole in its software.

Tags:
Lenovo information leaks
Source:
The Verge
2481
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015