Earlier this year, laptop manufacturer Lenovo got in hot water when it came out that it was pre-installing spyware on its systems. Called Superfish, the program spied on your Internet browsing and injected relevant ads into your browser. Even worse, it was easy for hackers to hijack.
After a major customer backlash, Lenovo released a tool to uninstall Superfish and claimed that it had stopped installing it. Now Lenovo is back in the news with another pre-installed bit of software worse than Superfish.
It's called the Lenovo Service Engine, and it hides out in the BIOS/UEFI of Lenovo laptops. As a reminder, a rootkit is a program, usually a virus, that loads before Windows does. That makes it nearly impossible for security software to detect it or remove it.
In the case, Lenovo's rootkit was there to make sure Lenovo computers have a program called OneKey Optimizer. If the software did get uninstalled, LSE would recreate it, even if the laptop owner wiped their hard drive and installed a fresh copy of Windows.
What turns this from a shady tactic to a disaster is the way LSE works. When it gets updates, it doesn't use an encrypted Internet connection. Hackers who could intercept the connection could use it to install anything on your computer they wanted. That's the bad news.
The good news is that, unlike the Superfish debacle, Lenovo is correcting the situation fast. When security researcher Roel Schouwenberg brought the dangers to Lenovo's attention, it released a tool to disable LSE and stopped installing it on newer computers in June.
Lenovo has a list of affected computers. If you see your computer on the list below, you'll want to visit Lenovo's support page and follow the directions to disable LSE.
- Flex 2 Pro 15 (Broadwell)
- Flex 2 Pro 15 (Haswell)
- Flex 3 1120
- Flex 3 1470/1570
- G40-80/G50-80/G50-80 Touch
- Yoga 3 11
- Yoga 3 14
- Horizon 2 27
- Horizon 2e(Yoga Home 500)
- Horizon 2S