Slashdot Mirror

← Back to Stories (view on slashdot.org)

Yet Another Compromising Preinstalled "Glitch" In Lenovo Laptops

Posted by timothy on from the hey-stop-catching-us! dept.

New submitter execthis writes: Japanese broadcaster NHK is reporting that yet another privacy/security-compromising "glitch" has been found to exist in preinstalled software on Lenovo laptops. The article states that the glitch was found in Spring and that in late July Lenovo began releasing a program to uninstall the difficult-to-remove software. The article does not specify, but it could be referring to a BIOS utility called Lenovo Service Engine (LSE) for which Lenovo has released a security advisory with links to removal tools for various models.

7 of 89 comments (clear)

  1. Re:Who would have thought there was more? by Z00L00K · · Score: 5, Insightful

    We are just seeing the tip of an iceberg here - we can't trust our computers anymore.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  2. Shitty article by buckfeta2014 · · Score: 5, Informative

    Why even post this article. It's 2 lines. "Oh we found something", well good for you, how about telling us what you actually found?

    --
    Buck Feta. You know what to do.
  3. Can't trust LOCKS anymore by Anonymous Coward · · Score: 2, Insightful

    FFS, courtesy of the TSA backdooring luggage locks, even the locks are worthless these days.
    http://boingboing.net/2015/08/21/make-your-own-tsa-universal-lu.html

    Spotify decides to help itself to all your data on your phone on an upgrade. And Google make a phone that permits that.

    Samsung installs spyware/helpware on their phones and tablets that let it take over the tablet remotely and do *everything*, read everything, fake SMSs intercept calls, the lot. Hackers backdoor this and suddenly people are aware their stuff is just spyware only because hackers 'misuse' it, as if that feature was ever useful.

    HTTPS/TLS is backdoored because certificate authorities are NSA backdoors.

    Uber has its 'god' app that spies on its customers wherever they go and whoever they meet with.

    It's like governments have abrogated their duty to protect people from this kind of shit and companies like Uber and Lenovo are having a field day.

  4. Its a dumb feature by Karmashock · · Score: 5, Interesting

    The last thing I want is my firmware getting updated automatically.

    I'd really like for all writable memory in my computer to be removable. And that includes the bios memory. Have it be a micro SD card or something.

    Here someone will say it will make the machine take 1 second longer to boot up or OH NOES the mobo will cost 10 cents more to make. But its worth it. It means you can audit the system to check for viruses really easily. You pull the chip, plug it into a clean system, and scan it. Or if you prefer... wipe it. Write the whole thing with ones then zeros... and then flash it with a proper version of the bios.

    And this also means that corrupted bios memory is less of a problem. You can pull the chip. Sure, if the processors or something else is damaged then this won't help. But i've had a few mobos that were totally fine except the bios was so corrupt you couldn't flash a fresh version. With this change, that problem is gone.

    Cue people saying "you can't do that because no one has done it that way yet"... climb a fucking tree so I can throw bananas at you then, you filthy animal! :-D

    --
    I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    1. Re:Its a dumb feature by drinkypoo · · Score: 2

      What I want way more than removable is I want bios write enable jumpers back. Some motherboards have them, but they are rare. I buy Gigabyte boards, so they have dual BIOS, so I'm not worried about my BIOS being taken out. If I had a WP jumper, I wouldn't be concerned about it being maliciously overwritten, either.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:Its a dumb feature by Karmashock · · Score: 4, Interesting

      I want the want the writable memory chip to be a micro SD card. or something equally easy to plug into another machine to independently wipe it and verify that its wiped.

      Let me add some additional benefits of this... DRIVERS.

      If we use an SD card, then we can put more stuff on it than just the bios. OR the bios could be fucking massive. Either concept has some interesting possibilities.

      Imagine if the OS queried the motherboard for drivers. We could store viable copies of the drivers the system needs to use most of the installed hardware. That's nifty. Reinstall... no need to go hunting around for the right driver files. Automatically installed... actually. Not in theory... but actually. Anyone that has built a lot of machines knows what I'm talking about.

      And a giant bios could mean the bios could have a lot of additional functionality built into it. Not just the man behind the curtain.

      --
      I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
  5. Re: Who would have thought there was more? by RoverDaddy · · Score: 5, Informative

    The BIOS isn't installing apps to the hard drive (give it time?) As AC indicates this is a Windows-only issue. the BIOS -holds- an application that Windows helpfully detects and installs into itself on behalf of the hardware. A Linux system will totally ignore the app (which is Windows-specific anyway!!) sitting in the BIOS.

    --
    RETURN without GOSUB in line 1050