Hackers Can Infect >100 Lenovo Models With Unremovable Malware. Are You Patched?

Lenovo has published security updates for more than 100 laptop models in order to address significant vulnerabilities that allow advanced hackers to install malicious software that is nearly impossible to delete or, in some cases, even detect. The fixes are available for download here.

Three vulnerabilities affecting more than 1 million laptops give attackers the ability to modify a computer’s UEFI (Unified Extensible Firmware Interface).

UEFI is the firmware that sits between a computer’s hardware and its operating system. It is the first software to run when practically any modern computer is powered on, which makes it the first link in the boot-time chain of trust.

Because the UEFI firmware lives in a flash chip on the motherboard rather than on the disk, infections there are difficult to detect and even more difficult to remove: reinstalling the operating system or replacing the drive does not touch them.

Oh, no, not at all.
Two of the vulnerabilities, CVE-2021-3971 and CVE-2021-3972, are in UEFI firmware drivers that were meant to be used only during the manufacturing process of Lenovo consumer notebooks.

Lenovo’s engineers mistakenly shipped those drivers in the production BIOS images without properly disabling them.

By exploiting the leftover drivers, an attacker can turn off the protections that are supposed to prevent unauthorized changes to the firmware: UEFI Secure Boot, and the write protections on the serial peripheral interface (SPI) flash chip that holds the firmware, namely the BIOS Control Register bits and the Protected Range registers.
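To make the SPI protections above concrete, here is an added example (not code from the page, from ESET or from Lenovo) that decodes the relevant Intel PCH SPI controller registers and reports whether the BIOS region of the flash is still write-protected. It assumes the register layout of the 100-series and later PCH SPI controller (BIOS_CNTL bit 0 BIOSWE, bit 1 BLE, bit 5 SMM_BWP; HSFS bit 15 FLOCKDN; PRx with WPE in bit 31 and 4 KiB-granular base/limit fields); the register values and the BIOS-region addresses are constructed, not dumped from a real Lenovo machine. Tools such as chipsec’s bios_wp module apply the same checks to the live registers.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Assumed register layout (Intel 100-series and later PCH SPI controller;
 * older PCHs use narrower Protected Range fields):
 *   BIOS_CNTL : bit0 BIOSWE, bit1 BLE, bit5 SMM_BWP (EISS on newer parts)
 *   HSFS      : bit15 FLOCKDN (locks the PRx registers until reset)
 *   PRx       : bit31 WPE, bits30:16 limit>>12, bit15 RPE, bits14:0 base>>12
 */
#define BIOS_CNTL_BIOSWE   (1u << 0)
#define BIOS_CNTL_BLE      (1u << 1)
#define BIOS_CNTL_SMM_BWP  (1u << 5)
#define HSFS_FLOCKDN       (1u << 15)
#define PR_WPE             (1u << 31)
#define PR_COUNT           5

/* Constructed sample layout: a 6 MiB BIOS region at the top of a 16 MiB flash. */
#define BIOS_BASE   0x00A00000u
#define BIOS_LIMIT  0x00FFFFFFu

enum wp_verdict {
    FLASH_WRITABLE     = 0,  /* nothing stops a ring-0 write to the BIOS region */
    FLASH_WP_BLE_ONLY  = 1,  /* BLE set but no SMM_BWP: relies on the SMI handler alone */
    FLASH_WP_SMM_BWP   = 2,  /* BLE + SMM_BWP: writes are only possible from SMM */
    FLASH_WP_PR_LOCKED = 3   /* a locked Protected Range covers the whole BIOS region */
};

/* Encode a PRx value that write-protects [base, limit] (4 KiB granularity). */
uint32_t pr_encode(uint32_t base, uint32_t limit, bool write_protect)
{
    uint32_t v = (((limit >> 12) & 0x7FFFu) << 16) | ((base >> 12) & 0x7FFFu);
    return write_protect ? (v | PR_WPE) : v;
}

/* True if this PRx value write-protects a range containing [base, limit]. */
bool pr_covers(uint32_t pr, uint32_t base, uint32_t limit)
{
    if (!(pr & PR_WPE))
        return false;
    uint32_t pr_base  = (pr & 0x7FFFu) << 12;
    uint32_t pr_limit = (((pr >> 16) & 0x7FFFu) << 12) | 0xFFFu;
    return pr_base <= base && pr_limit >= limit;
}

/* Classify the write-protection state of the BIOS region.  Simplification:
 * a single PRx must cover the whole region; ranges are not merged. */
enum wp_verdict bios_region_protection(uint32_t bios_cntl, uint16_t hsfs,
                                       const uint32_t pr[PR_COUNT],
                                       uint32_t bios_base, uint32_t bios_limit)
{
    /* Protected Ranges only count once FLOCKDN is set; before that, any
     * ring-0 code (or a leftover manufacturing driver) can simply clear them. */
    if (hsfs & HSFS_FLOCKDN) {
        for (int i = 0; i < PR_COUNT; i++)
            if (pr_covers(pr[i], bios_base, bios_limit))
                return FLASH_WP_PR_LOCKED;
    }
    /* BIOSWE already set means the BLE SMI handler did not clear it: writable. */
    if (bios_cntl & BIOS_CNTL_BIOSWE)
        return FLASH_WRITABLE;
    if (bios_cntl & BIOS_CNTL_BLE)
        return (bios_cntl & BIOS_CNTL_SMM_BWP) ? FLASH_WP_SMM_BWP : FLASH_WP_BLE_ONLY;
    return FLASH_WRITABLE;
}

/* Constructed PRx sets: one that locks the BIOS region, one with no ranges. */
static const uint32_t PR_LOCKED_BIOS[PR_COUNT] = { 0x8FFF0A00u, 0, 0, 0, 0 };
static const uint32_t PR_NONE[PR_COUNT]        = { 0, 0, 0, 0, 0 };

int main(void)
{
    static const char *verdict[] = { "WRITABLE", "BLE only (weak)", "BLE+SMM_BWP", "PR locked" };
    /* Constructed register snapshots, from a healthy machine down to one whose
     * protections a vulnerable driver has cleared. */
    struct { const char *name; uint32_t cntl; uint16_t hsfs; const uint32_t *pr; } cases[] = {
        { "factory-locked",            0x2A, 0x8000, PR_LOCKED_BIOS },
        { "BLE+SMM_BWP, no PR",        0x2A, 0x8000, PR_NONE },
        { "BLE only",                  0x0A, 0x8000, PR_NONE },
        { "PR set but FLOCKDN clear",  0x08, 0x0000, PR_LOCKED_BIOS },
        { "protections disabled",      0x09, 0x0000, PR_NONE },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-28s BIOS_CNTL=0x%02X HSFS=0x%04X -> %s\n", cases[i].name,
               cases[i].cntl, cases[i].hsfs,
               verdict[bios_region_protection(cases[i].cntl, cases[i].hsfs,
                                              cases[i].pr, BIOS_BASE, BIOS_LIMIT)]);
    return 0;
}
```

The ordering of the checks is the point: a Protected Range is only worth anything once FLOCKDN is set, and BLE on its own merely asks an SMI handler to undo BIOSWE, which is why a verdict of "BLE only" is treated as weaker than BLE together with SMM_BWP.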

While analyzing those two vulnerabilities, researchers at the security firm ESET discovered and investigated a third, CVE-2021-3970.

That flaw lies in System Management Mode (SMM), a highly privileged CPU operating mode that hardware manufacturers commonly use for low-level system management. Code running in SMM operates beneath the operating system’s control, so the flaw gives an attacker a way to load malicious firmware onto a compromised computer.

In an interview with Ars Technica, Trammell Hudson, a security researcher who specializes in firmware hacks, stated that “based on the description, those are all really ‘oh no’ sorts of attacks for suitably competent attackers.” He added: “It’s not a good idea to circumvent SPI flash permissions.”

He believes that protections such as BootGuard, which is meant to stop unauthorized firmware from running during the boot process, may reduce the severity of the problem. Researchers, however, have already found serious vulnerabilities that allow BootGuard to be bypassed.

Among them is a trio of flaws Hudson discovered in 2020 that prevented the protection from working when a machine resumed from sleep.

SPI flash implants, while still uncommon, are making their way into the mainstream. TrickBot, one of the Internet’s most dangerous threats, began incorporating a driver into its codebase in 2020 that allows its operators to write firmware to nearly any device.

The only two other documented cases of malicious UEFI firmware being used in the wild are LoJax, which was written by the Russian state hacking group known by a variety of names, including Sednit, Fancy Bear, and APT28, and a second piece of UEFI malware that the security firm Kaspersky identified on the machines of diplomatic figures in Asia.

All three of the Lenovo vulnerabilities ESET found require local access: the attacker must already have full, administrator-level control of the vulnerable machine in order to exploit them.

Reaching that level of privilege is a high bar; it would almost certainly require exploiting one or more serious additional flaws elsewhere, which by itself would already put the user at risk.

Nonetheless, the flaws are serious because they let an attacker infect unpatched PCs with malware that goes far beyond what is generally feasible with conventional malware. Lenovo has compiled a list of more than 100 affected models, which can be found here.
