Lenovo

Trifecta of Security Bugs Affecting Dell, Lenovo, and Toshiba Products


Most issues can be solved by uninstalling the software

Three major security vulnerabilities affect products from Dell, Lenovo, and Toshiba, security analysts from LizardHQ report.

The three security flaws reside in:

→    Dell System Detect (DSD) versions 6.12.0.1 and earlier

→    Lenovo’s Solution Center versions 3.1.004 and earlier

→    Toshiba Service Station versions 2.6.14 and earlier

The Dell issue

Dell System Detect is a Windows application pre-installed on all Dell PCs and tablets, provided to Dell customers as a way to simplify the process of contacting Dell’s support. This very same service was also where security researchers found the second Dell root certificate in the infamous eDellRoot scandal.


According to LizardHQ’s slipstream/RoL, this app starts an HTTP daemon on ports 8883, 8884, 8885, and 8886, for an internal API. This API can be abused to allow attackers to bypass the Windows User Account Control limitations.

“Not even uninstallation of Dell System Detect will prevent exploitation of these issues; it runs from %APPDATA% so malware could easily drop it on your system to exploit this issue,” says slipstream/RoL.

He recommends uninstalling Dell System Detect and then blacklisting DellSystemDetect.exe so that it cannot be executed.
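A defender can check a host for both conditions described above: a listener on the Dell System Detect ports and a copy of the executable in the user profile. The PowerShell below is an added example, not code from LizardHQ or Dell; the ports, executable name and version threshold come from the article, while the search scope and the use of the file version resource are assumptions.

```powershell
# Added example: audit the local host for the Dell System Detect exposure.
$dsdPorts     = 8883, 8884, 8885, 8886   # API ports named in the article
$dsdExeName   = 'DellSystemDetect.exe'   # executable named in the article
$lastAffected = [version]'6.12.0.1'      # "6.12.0.1 and earlier" are affected

# 1. Listeners on the DSD ports, with the owning process.
#    Get-NetTCPConnection needs Windows 8 / Server 2012 or later.
$listeners = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $dsdPorts -contains $_.LocalPort } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            ProcessId    = $_.OwningProcess
            ProcessName  = $proc.ProcessName
            Path         = $proc.Path
        }
    }

# 2. Copies of the executable in the current user's profile.
#    The article says %APPDATA%; searching the parent AppData folder
#    (Roaming, Local, LocalLow) is an assumption made here for coverage.
$appDataRoot = Split-Path -Path $env:APPDATA -Parent
$copies = Get-ChildItem -Path $appDataRoot -Filter $dsdExeName -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $vi  = $_.VersionInfo
        # Assumption: the file version resource tracks the product version.
        # A file with no version resource yields 0.0.0.0 and is flagged.
        $ver = New-Object System.Version -ArgumentList $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
        [pscustomobject]@{
            Path     = $_.FullName
            Version  = $ver
            Affected = ($ver -le $lastAffected)
        }
    }

# 3. Report.
if ($listeners) { 'Listeners on DSD ports:'; $listeners | Format-Table -AutoSize }
else            { 'No listener on ports 8883-8886.' }
if ($copies)    { "Copies of $dsdExeName found:"; $copies | Format-Table -AutoSize }
else            { "No $dsdExeName under $appDataRoot." }
```

A listener on one of these ports is not conclusive on its own, since other software can use the same port numbers; confirm with the ProcessName and Path columns. The file search covers only the profile of the user running the script.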

The Lenovo issue

The Lenovo Solution Center is a pre-installed app on Lenovo laptops that enables users to check the health of their system and network connections (how ironic).

According to LizardHQ’s slipstream/RoL, attackers can run malicious code and escalate their privileges to SYSTEM level using a bug in the Lenovo Solution Center. This is only possible while the Lenovo Solution Center is open.

To stay safe, users are encouraged to uninstall the Lenovo Solution Center, a recommendation issued not only by the security researcher but by CERT and Lenovo itself too.

The Toshiba issue

Toshiba Service Station is an application that the company provides to allow users to search and install software for their specific brand of computer.

Issues inside this software allow attackers with lower privileges on the machine to read parts of the Windows registry as SYSTEM-level users.

As with the Lenovo issue, uninstalling the Toshiba Service Station removes any danger of exploitation.

The LizardHQ team has made proof-of-concept code available for all three cases.

Source: http://news.softpedia.com/

Lenovo used shady ‘rootkit’ tactic to quietly reinstall unwanted software


Lenovo has been caught using a technique, often used by some malware to withstand being deleted, to reinstall unwanted software on the computers it sells.

As reported on a number of forums and news-sharing sites, some users have accused the computer maker of overwriting Windows files to ensure its own-brand software and tools were installed — even after a clean install of the operating system.

The issue was first reported as early as May, but was widely reported Tuesday.

The “rootkit”-style covert installer, dubbed the Lenovo Service Engine (LSE), works by installing an additional program that updates drivers, firmware, and other pre-installed apps. The engine also “sends non-personally identifiable system data to Lenovo servers,” according to the company. The engine, which resides in the computer’s BIOS, replaces a core Windows system file with its own, allowing files to be downloaded once the device is connected to the internet.


But that service engine also put users at risk.

In a July 31 security bulletin, the company warned the engine could be exploited by hackers to install malware. The company issued a security update that removed the engine’s functionality, but users must install the patch manually.

Many Yoga and Flex machines (among others) running Windows 7, Windows 8, and Windows 8.1 are affected by the issue. Business machines, such as Think-branded PCs, are not affected.

A full list of affected notebooks and desktops is available on Lenovo’s website.

It’s not the first time Lenovo has been caught in a privacy-related pickle.

Earlier this year, the computer maker was forced to admit it had installed Superfish adware over a three-month period on new machines sold through retail channels. The adware had the capability to intercept and hijack internet traffic flowing over secure connections, including connections to online stores and banks, among others.

Users were told they should “not use their laptop for any kind of secure transactions until they are able to confirm [the adware] has been removed,” security researcher Marc Rogers told ZDNet at the time.

It was thought as many as 16 million consumers and bring-your-own-device users were affected by the preinstalled adware.

Source: http://www.zdnet.com/