Lenovo Does Not Want Its PC Security Flaw to go Public
A PC security flaw has been uncovered in Lenovo products and the company did not want this to reach public ears.
This was found by security researcher Dymtro “Cr4sh” Oleksiuk. With this PC security flaw, a hacker can easily disable the write protect feature on Lenovo PCs and access sensitive, personal data.
The vulnerable driver in question reportedly comes from common code by Intel so other manufacturers may as well have the same flaw and it may not be an issue only with Lenovo products.
Lenovo published a response to this flaw stating that the issue was due to common code that came from Intel and that they had tried talking to security researcher Dymtro “Cr4sh” Oleksiuk before he released this information to the general public.
According to Dymtro, Lenovo requested that this PC security flaw was not made public and in a post Dymtro also suggests that this flaw could have been placed intentionally so that it could be used as a back-door. It is possible that it was not placed by Lenovo itself but by companies that the firmware was outsourced to.
According to Lenovo:
“Lenovo is engaging all of its IBVs as well as Intel to identify or rule out any additional instances of the vulnerability’s presence in the BIOS provided to Lenovo by other IBVs, as well as the original purpose of the vulnerable code.”
Lenovo is said to be working on a solution to this issue as quickly as possible and it is ruling out vendors as well as Intel in order to find out the source of this problem. This vulnerable code needs to be fixed.
We do not know if any PCs have been affected by this and if users have been taken advantage of due to this PC security flaw. We will soon find out.