Thursday, August 13, 2015

How Lenovo imposed a software with a security flaw – Numerama


 For a few months, Lenovo has provided its customers with computers whose BIOS software installation necessary house and exposed its users to a major security breach. The manufacturer had operated improperly a facility provided by Microsoft.

 

 


 While Lenovo is still recovering from the scandal Superfish, now the manufacturer is again under fire for having imposed a software exposes users to serious security vulnerabilities. But it was this time worse, since it is a software imposed by the firmware of the motherboard, that reinstalls itself each time the user formats the hard drive to reinstall Windows.

 


 A range of laptops and Lenovo Desktop PC (see the list here) were provided until June with a BIOS, the Lenovo Service Engine (LSE), who checked every reboot the contents of file C: Windowssystem32autochk.exe used by Microsoft to diagnose possible system damages when Windows starts. LSE replace this file by a variant that also checks for two executable files, LenovoUpdate.exe and LenovoCheck.exe , or added in case of absence.

 


 These two files that run Windows Launch benefit administrator rights, and can download and install whatever they want without any control. Lenovo drivers and downloads, or installs its OneKey Optimizer software (.pdf) supposed to optimize PC performance through automated diagnostics and different settings. Impossible for the owner of such a system to prevent installation, except to give up Windows.


 


  WINDOWS PLATFORM BINARY TABLE

 


 Now a researcher in computer security, Schouwenberg, discovered that it was possible to create a buffer-overflow in LSE for administrator access to the launch of Windows, and so be able, for example, installing a rootkit that will access to the entire system remotely. Lenovo was warned in April of this security flaw and decided in June not to equip its computers with a BIOS LSE. He also published late July a new firmware (for laptops and desktops) for those who had already purchased one of the affected computers to remove LSE and thus to safety.


 


 To impose its software, Lenovo operated a facility provided to manufacturers to indicate at boot a physical memory area on which to include binary run when Windows starts. This is the Windows Platform Binary Table (.docx), designed by Microsoft to allow manufacturers to put the necessary drivers to the proper functioning of the PC, or to install software to detect the connection of a stolen computer, a thief should obviously not be able to uninstall. The WPBT was definitely not designed for industrial impose their software every home relocation or release of Windows, Microsoft has clarified that by changing its security guidelines.


 


 Lenovo says that the flaw affected only the branded Lenovo and no computer Think brand formerly owned by IBM.


 
LikeTweet

No comments:

Post a Comment