Lenovo Computers Leave Door Open for Hackers, Researchers Find

A new security flaw on Lenovo computers renders user privileges nearly useless.
Chinese customers check out the computers at a Lenovo shop in Hangzhou, Zhejiang province, on February 2, 2014. Lenovo computers have a new "High" severity security hole, say researchers. (STR/AFP/Getty Images)
Joshua Philipp

A major security flaw in Lenovo computers was uncovered just several weeks after researchers found malware pre-installed on Lenovo laptops that was spying on users.

Researchers at security company IOActive revealed a vulnerability they ranked as “High” severity on Lenovo computers. The security flaw renders user privileges on the computers nearly useless. It could, for example, allow a user with a guest account to access any part of the system.

According to the Internet security publication SC Magazine, the weakness “means least-privileged users could gain high-level access to Lenovo PCs, laptops and other devices and run their own malicious commands and programs.”

Lenovo has released a patch for the vulnerability. IOActive alerted Lenovo to the hole in February, and according to a statement from Lenovo, the two companies worked together to fix the vulnerability, which was in the Lenovo System Update.

The latest finding adds to a growing list of serious vulnerabilities on Lenovo computers.

In mid-February, researchers found Lenovo computers were shipping pre-installed with malware that could spy on users and send them to fake Web pages.

The “Superfish” adware was found installed on all consumer Lenovo laptops, and was designed to inject ads into the user’s Web browser, send their browser information back to the computer, and monitor the user’s activity.

The adware also installed a fake Web certificate that would enable it to send users to fake websites that appeared real.

“We trust our hardware manufacturers to build products that are secure,” wrote security researcher Marc Rogers on his blog. “In this current climate of rising cybercrime, if you can’t trust your hardware manufacturer, you are in a very difficult position.”

“When bad guys are able to get into the supply chain and install malware, it is devastating,” he wrote, noting that “Lenovo has partnered with a company called Superfish to install advertising software on its customer’s laptops.”

A representative from Lenovo said they have “ceased the product relationship with the makers of Superfish” and said “such programs will not appear as preloaded software on Lenovo machines in the future.”

Joshua Philipp is senior investigative reporter and host of “Crossroads” at The Epoch Times. As an award-winning journalist and documentary filmmaker, his works include "The Real Story of January 6" (2022), "The Final War: The 100 Year Plot to Defeat America" (2022), and "Tracking Down the Origin of Wuhan Coronavirus" (2020).