Wednesday, 12 August 2015

Lenovo BIOS Rootkit Installed On Laptops

Computer manufacturer Lenovo has a BIOS rootkit installed on many laptops, so that proprietary software was present on the system, even though Windows from a clean DVD reinstalled. This was reported by The Next Web by means of messages on the forum of Ars Technica and Hacker News .

A user discovered the rootkit in May when its new Lenovo laptop at every restart automatically writing a file system. Lenovo uses the Lenovo Service Engine, which downloads a program called OneKey Optimizer. The software should improve the performance of your computer and sends information about the system back to Lenovo. In the case of Windows 7 or 8 checks the BIOS of the laptop to the presence of a file called Autochk.exe, which then overwrites with its own version. Once the custom autochk file loads, two new files are created, which then additional files from the Internet.

In late July, there appeared an update to the Lenovo Service Engine. A vulnerability among other was discovered by the Dutch security researcher Roel Schouwenberg, would allow attackers to install via a malicious server malware on the system.The BIOS update was published for the Flex 2, Flex 3, G40-80 / G50-80 / G50-80 Touch / V3000, Yoga and several other models. Users need to install this update itself, as it is not automatically deployed.

No comments:

Post a Comment