17 November 2022

Lenovo laptop flaws could help malware survive a hard disk wipe

PC manufacturer Lenovo has been forced to push out a security update to more than two dozen of its laptop models, following the discovery of high-severity vulnerabilities that could be exploited by malicious hackers.

Security researchers at ESET discovered flaws in 25 Lenovo laptop models - including IdeaPads, Slims, and ThinkBooks - that could be used to disable the UEFI Secure Boot process. That matters because Secure Boot, as its name suggests, is a feature that allows a PC's firmware to be "locked down" as a defence against rootkits, ensuring that only trusted, cryptographically signed code can be run at bootup.

A vulnerability in the laptops' Secure Boot process could open opportunities for cybercriminals to install malicious firmware on a device, where it would survive a hard drive being wiped or an operating system being reinstalled.

According to ESET, the vulnerabilities are present because Lenovo mistakenly shipped drivers to the public that were only supposed to have been used during the manufacturing process.

