Researchers Discover Another ‘Massive Security Risk’ In Lenovo’s Update System
According to a security firm, IOActive, Lenovo’s update system is greatly vulnerable to hackers’ attacks. Discovery of another “massive security risk,” just after three months of the Superfish scandal, puts a serious question mark on the security measures of one of the world’s largest PC manufacturer.
The report outlines that the hackers can not only manipulate the validation checks, they can discard Lenovo’s genuine programs to infuse malicious software. In addition, “this vulnerability allows local least-privileged users to run commands as the SYSTEM user,” the report reads.
Explaining the vulnerability, the researchers said that miscreants can misuse the certificate authority by creating a fake one of their own. They can use this fake certificate authority to advance malicious software in disguise of Lenovo original.
The researchers discovered the security flaws back in February. Afterwards, the security firm pursued the Chinese PC manufacturer to make it aware of the security deficiencies so it can work for the improvement.
IOActive has forwarded a problem fixer patch which can be used by Lenovo to remove the found bugs. However, individual users have to download the security update themselves if they want to protect their devices.
In the earlier Superfish scandal, the software badly affected its hardware. The Hardware firm was, however, pretty quick to rectify the issues. It not only disabled the software but paid users’ compensations, for their loses, as well.
“We recognise that the software did not meet that goal and have acted quickly and decisively. We are providing support on our forums for any user with concerns,” Lenovo said at the time.
Have something to ask or add? Head down to the comments section.