• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • February 28th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Security

Lenovo accused of ‘massive security risk’ by researchers

May 7th, 2015 Waqas Security 0 comments
Lenovo accused of ‘massive security risk’ by researchers
Share on FacebookShare on Twitter

The IOActive researchers reported that Lenovo devices software has serious security flaws and vulnerabilities that can be easily exploited by cyber criminals for installing malware.

Globally active Chinese PC manufacturer Lenovo has been accused by researchers for running a “massive security risk” when experts identified exploitable flaws in its software.

Reportedly, security Firm IOActive’s researchers discovered vulnerabilities in Lenovo software and alerted the company in February 2015. However, the findings were made public only recently.

lenovo-accused-of-massive-security-risk-by-researchers

Lenovo accused of ‘massive security risk’ by researchers

Researchers believe that three vulnerabilities can be easily exploited by cyber criminals for installing malware on user’s PC and thus, the flaw can provide attackers with full control of the system.

The findings were not just acknowledged by Lenovo, but the manufacturer urged users to download and install a patch, which was released in April, for preventing such risks.

Identified Flaws:

One of the three flaws lets both remote and local attackers to “bypass signature validation checks and replace trusted Lenovo applications with malicious applications”, reported the researchers.

This flaw can potentially expose Lenovo users to the “coffee shop attacks” that lets attacker take over a connection to any public Wi-Fi.

Researchers also stated that the attacker can easily “exploit this to swap Lenovo’s executables with a malicious executable.”

The remaining two flaws allow attackers to acquire a higher level of control over any system that they usually can. This way, they can easily run malicious commands, says Professor Alan Woodward, Surrey University’s security expert.

According to Woodward “Lenovo have been found wanting again on the security front. They seem to be exposing users to potential remote hacking this time. Very disappointing!”

He added that Lenovo was “building a lamentable record for security.”

Lenovo was forced to eliminate hidden “Superfish” adware that was pre-installed on its machines, which compromised users’ security.

As per Lenovo spokesman, its security and development teams has been working with IOActive on the identified vulnerabilities in its system’s update feature.

Read the full finding below:

UPDATE:

Lenovo has released a Security Advisory will guides you about fixing the existing security flaw. Click here to read advisory.

[src src=”via” url=”http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf”]IoActive[/src]

[src src=”source” url=”http://www.bbc.com/news/technology-32607618″]BBC[/src]

  • Tags
  • Flaw
  • Lenovo
  • Malware
  • Privacy
  • security
  • Vulnerability
Facebook Twitter LinkedIn Pinterest
Previous article Apple users hit with KYC Validation/iCloud ID review phishing scam
Next article US Court rules NSA phone surveillance program illegal
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
Microsoft release open-source CodeQL queries to hunt SolarWinds hacks

Microsoft release open-source CodeQL queries to hunt SolarWinds hacks

Hackers using malicious Firefox extension to phish Gmail credentials

Hackers using malicious Firefox extension to phish Gmail credentials

Botnet Abusing Bitcoin Blockchain To Evade Detection

Botnet Abusing Bitcoin Blockchain To Evade Detection

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Microsoft release open-source CodeQL queries to hunt SolarWinds hacks
Microsoft

Microsoft release open-source CodeQL queries to hunt SolarWinds hacks

Hackers using malicious Firefox extension to phish Gmail credentials
Security

Hackers using malicious Firefox extension to phish Gmail credentials

Apple Glass may feature 3D Audio and Self-Cleaning in new patent
Technology News

Apple Glass may feature 3D Audio and Self-Cleaning in new patent

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us