
This laptop brand hid a secret rootkit in its computers


Earlier this year, laptop manufacturer Lenovo got in hot water when it came out that it was pre-installing spyware on its systems. Called Superfish, the program spied on your Internet browsing and injected relevant ads into your browser. Even worse, it was easy for hackers to hijack.

After a major customer backlash, Lenovo released a tool to uninstall Superfish and claimed that it had stopped installing it. Now Lenovo is back in the news with another pre-installed bit of software worse than Superfish.

It's called the Lenovo Service Engine, and it hides out in the BIOS/UEFI of Lenovo laptops. As a reminder, a rootkit is a program, usually a virus, that loads before Windows does. That makes it nearly impossible for security software to detect it or remove it.

In this case, Lenovo's rootkit was there to make sure Lenovo computers have a program called OneKey Optimizer. If the software did get uninstalled, LSE would recreate it, even if the laptop owner wiped their hard drive and installed a fresh copy of Windows.

What turns this from a shady tactic into a disaster is the way LSE works. When it gets updates, it doesn't use an encrypted Internet connection. Hackers who could intercept the connection could use it to install anything on your computer they wanted. That's the bad news.

The good news is that, unlike the Superfish debacle, Lenovo is correcting the situation fast. When security researcher Roel Schouwenberg brought the dangers to Lenovo's attention, it released a tool to disable LSE and stopped installing it on newer computers in June.

Lenovo has a list of affected computers. If you see your computer on the list below, you'll want to visit Lenovo's support page and follow the directions to disable LSE.

Lenovo Notebook

  • Flex 2 Pro 15 (Broadwell)
  • Flex 2 Pro 15 (Haswell)
  • Flex 3 1120
  • Flex 3 1470/1570
  • G40-80/G50-80/G50-80 Touch
  • S41-70/U41-70
  • S435/M40-35
  • V3000
  • Y40-80
  • Yoga 3 11
  • Yoga 3 14
  • Z41-70/Z51-70
  • Z70-80/G70-80

Lenovo Desktop
World Wide

  • A540/A740
  • B4030
  • B5030
  • B5035
  • B750
  • H3000
  • H3050
  • H5000
  • H5050
  • H5055
  • Horizon 2 27
  • Horizon 2e(Yoga Home 500)
  • Horizon 2S
  • C260
  • C2005
  • C2030
  • C4005
  • C4030
  • C5030
  • X310(A78)
  • X315(B85)

You can find the LSE disable tool for laptops and the instructions on Lenovo's support site. The instructions for Lenovo's desktops are here.

Source: TechWorm