Lenovo ThinkPad zero-day bypasses Windows security
Posted on 07/03/2016 4:15:43 PM PDT by Utilizer
A researcher has disclosed a low-level zero-day exploit for Lenovo ThinkPads and other laptops that defeats the write protection on the system firmware, bypassing both hardware and Windows security features.
Last week, Dmytro Oleksiuk, also known as cr4sh, published the code for his ThinkPwn proof of concept on GitHub, showing how a flaw in a UEFI (Unified Extensible Firmware Interface) driver can be exploited for privilege escalation into System Management Mode (SMM), the firmware execution mode that sits below the operating system.
From there an attacker can disable the write protection on the system flash memory and run arbitrary code with full access to the entire victim system.
Lenovo had received no advance notification of the vulnerability, so the exploit was a zero-day with no mitigation available at the time of release.
(Excerpt) Read more at itnews.com.au ...
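The practical check behind the excerpt above is whether the chipset still enforces write protection on the BIOS region of SPI flash, and who that protection actually holds against. The following is an added example, not code from the article or from cr4sh's ThinkPwn repository. It decodes the Intel PCH BIOS_CNTL register and assumes a platform where that register lives in the LPC bridge's PCI configuration space (bus 0, device 31, function 0) at offset 0xDC with the bit layout shown; the sample register values are constructed, not read from real hardware.

```c
/*
 * Added example (not from the article or from ThinkPwn): decode the Intel
 * PCH BIOS_CNTL register and say who can write the BIOS region of flash.
 * Assumption: BIOS_CNTL is at PCI 00:1f.0 config offset 0xDC with this layout
 * (6- to 9-series PCH); newer platforms moved the register.
 *
 *   bit 0  BIOSWE   BIOS Write Enable
 *   bit 1  BLE      BIOS Lock Enable: once set, setting BIOSWE raises an SMI
 *   bit 5  SMM_BWP  SMM BIOS Write Protect: writes honoured only from SMM
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BIOSWE  (1u << 0)
#define BLE     (1u << 1)
#define SMM_BWP (1u << 5)

enum flash_wp {
    FLASH_WP_NONE,      /* any ring-0 code can write the BIOS region */
    FLASH_WP_SMI_ONLY,  /* BLE only: a write attempt traps to the SMI handler */
    FLASH_WP_SMM_ONLY,  /* BLE + SMM_BWP: hardware rejects writes outside SMM */
};

/* Classify the protection expressed by a raw BIOS_CNTL byte. */
enum flash_wp classify_bios_cntl(uint8_t bios_cntl)
{
    int bioswe  = (bios_cntl & BIOSWE)  != 0;
    int ble     = (bios_cntl & BLE)     != 0;
    int smm_bwp = (bios_cntl & SMM_BWP) != 0;

    if (ble && smm_bwp)
        return FLASH_WP_SMM_ONLY;
    if (ble && !bioswe)
        return FLASH_WP_SMI_ONLY;
    /* BLE clear, or BIOSWE already set: nothing stops a ring-0 write. */
    return FLASH_WP_NONE;
}

/*
 * Can code at the given privilege level write the BIOS region?
 * in_smm != 0 models an attacker who already executes in SMM, which is
 * exactly what a ThinkPwn-style SMM privilege escalation provides.
 */
int flash_writable_from(uint8_t bios_cntl, int in_smm)
{
    enum flash_wp wp = classify_bios_cntl(bios_cntl);

    if (in_smm) {
        /* SMM code can set BIOSWE itself, the BLE-triggered SMI is handled
         * by SMM code the attacker now controls, and SMM_BWP explicitly
         * permits writes from SMM: every BIOS_CNTL setting is defeated. */
        return 1;
    }
    /* Outside SMM only an unlocked register allows a direct write.
     * SMI_ONLY is counted as blocked on the assumption that the SMI
     * handler clears BIOSWE again, which is its intended behaviour. */
    return wp == FLASH_WP_NONE;
}

static const char *wp_name(enum flash_wp wp)
{
    switch (wp) {
    case FLASH_WP_NONE:     return "not protected";
    case FLASH_WP_SMI_ONLY: return "protected by BLE (SMI handler)";
    case FLASH_WP_SMM_ONLY: return "protected by BLE + SMM_BWP";
    }
    return "?";
}

int main(void)
{
    /* Constructed sample register values, not read from real hardware. */
    const uint8_t samples[] = { 0x00, 0x03, 0x02, 0x22 };
    for (size_t i = 0; i < sizeof samples; i++) {
        uint8_t v = samples[i];
        printf("BIOS_CNTL=0x%02x: %-32s ring0-writable=%d smm-writable=%d\n",
               v, wp_name(classify_bios_cntl(v)),
               flash_writable_from(v, 0), flash_writable_from(v, 1));
    }
    return 0;
}
```

On a Linux host with such a PCH the raw byte can be obtained as root with `setpci -s 00:1f.0 0xdc.b`, and the chipsec framework's `bios_wp` module performs the same classification together with the SPI controller's protected-range registers. The point the example makes is the one the excerpt makes: BLE and SMM_BWP only move the decision into SMM, so once an attacker runs there the register reports "protected" while the flash is fully writable.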
Lenovo has been infamous for years for its security issues...
The ChiComs used to ship them with spyware pre-installed.
Lenovo Caught (3rd Time) Pre-Installing Spyware on its Laptops
Yet another pre-installed spyware app discovered on Lenovo ...
And now yet another one.
Perhaps the OpenBIOS coders can help out here...
This looks pre-Windows. Conceivably you could have a machine with no OS of any flavor and compromise the firmware. Since you’re addressing the firmware, the exploit would remain independent of the OS - or even of a HDD being present.
Glad I don’t use any in the office.
I think you mean: pre-Windows loading.
I think now that the flaw has been discovered that the OpenBIOS people can write in a script to bypass it and render it ineffective.
Of course, couple this with the discovery quite recently that there are some CPUs shipping with an embedded alternate CPU that can be accessed under certain circumstances and a quite troublesome trend appears to be emerging...
3 years ago, NASA awarded the ACES contract, the contract that supplies all computers to NASA, to HP. Guess what HP started putting on folks desks?
I personally heard an IT guy tell me of them setting up new computers for configuration.... and the new computers, OUT OF THE BOX, established a connection to China and started uploading.
Security personnel caught the breach in about 5 minutes and came running into the room pulling network cables.
“Nice working with you Dave!”
HP = Has Problems.
Yet another reason to avoid HP and Lenovo.
Thanks to Utilizer for the ping!
Note this could affect -any- OS on the Lenovo hardware; but of course most Lenovos run Windows...
I dunno... with very few exceptions, pretty much every machine I work with on a constant basis is an HP machine.
Well, and some Compaqs as well, but since HP bought out Compaq they are now the same company so I suppose the distinction matters only to the purists and old-timers still mucking about out there. :)
The very first line specifically states that the fault is in the firmware for the laptop. I always love when you post a Windows article, Utilizer. You’re usually good for a chuckle.
It was determined that the second CPU was the "Management Engine" in the motherboard chipset (NOT the main x86 CPU), that it has been there for a LONG time, and was known about but largely ignored except for special cases like enterprise deployments.
These fancy chipsets have to have their own embedded CPUs to do command, configuration, and control on the motherboard, communicating with the main CPU when required. How the heck else could all those features be programmed?
So I'm not sure that ranks as a "recent discovery". More like "increased awareness". Area 51 it ain't. :-)
HPs always gave us problems because of their proprietary BIOS and startup crap.
Glad to help your amusement along mate!
In the same manner that the OS NSA Backdoor Code was there all along and pretty much ignored by everyone who came across it.
Until some people started asking questions...
The second CPU is claimed to be nonoperational for the vast majority of the machines out there.
And you trust the word of company employees who derive a large part of their corporate earnings (and thus their salary) on the claims of their official bosses?
I think after past history is taken into account we should all err on the side of caution and act like the machine might well be compromised.
Rather like you ALWAYS assume the WebCam is ACTIVE... and remember to take precautionary measures at all times.
This was put in by the Chinese as a backdoor.
Lenovo is Chinese owned and they want access to our secrets.