Essential safety flaw found in Lenovo Computers… again

If you are ill of listening to approximately how Lenovo Machines are riddled with safety flaws, then this ain’t the tale for you. security researcher Dymtro “Cr4sh” Oleksiuk claims to have uncovered a flaw in Lenovo machines that might allow attackers evade Windowssimple security protocols. Consistent withhis submit on Github, the inclined firmware motive force was replica-and-pasted from statistics providedthrough Intel. His difficulty become that other producers may have followed the same code — with as a minimum one HP Pavillion pc from 2010 already diagnosed as packing the flaw.

Lenovo issued a public reaction, saying that it tried to speak to Oleksiuk earlier than he posted the flaw to no avail. It corroborated the notion that the code turned into supplied by way of a third party operatingfrom commonplace code that got here from Intel. The firm would not pass up to now as to assign blame to the chipmaker, however there’s sufficient to imply that there may be an entire heap of fault going thatway. Lenovo introduced that it is investigating the problem and will work with its companions to expanda restoration as quickly as feasible.

there is additionally a principle that the compromising piece of code might not were created in mistakes,however located there as a backdoor. Oleksiuk mentions this simply as soon as, in passing, however theCheck in points out that Lenovo’s public declaration leaves some questions. As an instance, the producersays that it’s fardetermining the identity of the unique writer,” as it “does now not know its originallymeant motive.” Despite the fact that we might like to think that if the CIA (or its brethren) did write it, it had the experience now not to leave any evidence of its involvement.

Supply: The Sign up, Github, Lenovo
In this article: Cr4sh, DymtroOleksiuk, Firmware, Flaw, gear, Intel, lenovo, non-public computing, personalcomputing, protection, UEFI