Two Dozen Lenovo Notebook Models Are Vulnerable To Malicious Hacks

November 10, 2022 By Monica Green

(Image Credit Google)

Researchers warned on Wednesday that more than two dozen Lenovo notebook models are susceptible to harmful hacks that disable the UEFI secure boot procedure before running unsigned UEFI software or loading bootloaders that permanently backdoor a device. The laptop manufacturer published security upgrades for 25 models, including ThinkPads, Yoga Slims, and IdeaPads, at the same time that security researchers from ESET revealed the flaws. Because they allow for the installation of malicious firmware that endures numerous operating system reinstallations, vulnerabilities that compromise the UEFI secure boot can be quite dangerous. [caption id="attachment_61109" align="aligncenter" width="1600"] Lenovo Notebook

Image credit: securitynewspaper[/caption] The programme known as UEFI, which stands for Unified Extensible Firmware Interface, connects the operating system and device firmware of a computer. It serves as the initial link in the security chain because it is the first line of code to execute when almost any modern machine is turned on. The UEFI is housed in a flash chip on the motherboard, making it challenging to find and get rid of infections. Because the UEFI infection will just reinfect the computer thereafter, standard methods like deleting the hard drive and reinstalling the OS are ineffective. "Allows disabling UEFI Secure Boot or restoring factory default Secure Boot databases (incl. dbx): all simply from an OS," according to ESET about the flaws, which are listed as CVE-2022-3430, CVE-2022-3431, and CVE-2022-3432. Databases are used by Secure Boot as allow and deny methods. Particularly, the cryptographic hashes of blocked keys are kept in the DBX database. Attackers can remove constraints that are typically in place by disabling or resetting default values in the databases. [caption id="attachment_61110" align="aligncenter" width="1600"] Lenovo Notebook

Image credit: threatpost[/caption] “Changing things in firmware from the OS is not common, even rare,” a researcher specializing in firmware security, who preferred not to be named, said in an interview. “Most folks mean that to change settings in firmware or in BIOS you need to have physical access to smash the DEL button at boot to enter the setup and do things there. When you can do some of the things from the OS, that's kind of a big deal.” Attackers can execute malicious UEFI software when the UEFI Secure Boot is disabled, which is generally not allowed because secure boot requires that UEFI apps be cryptographically signed. Meanwhile, restoring the factory default DBX enables attackers to load weak bootloaders. Three well-known software drivers that might be used to get around secure boot when an attacker has elevated privileges—administrator on Windows or root on Linux—were uncovered by researchers from the security firm Eclypsium in August.

By Monica Green

I am specialised in latest tech and tech discoveries.

Two Dozen Lenovo Notebook Models Are Vulnerable To Malicious Hacks

Walmart's GenAI Search Engine: Challenging Google's Dominance in Retail Search

Introducing the MSI Claw Handheld: Your Ultimate Gaming Companion

Uber Increases In-App Ads, Prompting Mixed Reactions from Customers

Apple's iOS 18: A Leap into the AI Era

Google's Regular Pixel 8 Won't Get Gemini Nano AI

MacBook Air M3 Makes Amends for M2's Storage Blunder

Samsung Unveils the Galaxy M15 5G

Elon Musk's xAI to Open-Source Chatbot Grok

Contra: Operation Galuga - A Modern Run-and-Gun Classic

Musk Confirms X's TV App Arrives This Week

Microsoft claims that China allegedly installs surveillance malware on US systems in Guam

Hackers Stole $1.5M Using Dark Web Credit Card Data

SIM-Swapping Attacks Are Now Protected by T-Mobile

McAfee Discovered a New Mobile Malware in Google Play Apps

Phishers Are Using 'Google Translate' to Steal Users' Data

Basic internet security mechanism can be breached: Team Shows