Latest in Gear

Image credit: Andy Wong / AP

Critical security flaw found in Lenovo PCs... again

But this time it's (possibly) Intel's fault after supplying error-ridden BIOS code.
1797 Shares
Share
Tweet
Share
Save

Sponsored Links

Andy Wong / AP

If you are sick of hearing about how Lenovo Machines are riddled with security flaws, then this ain't the story for you. Security researcher Dymtro "Cr4sh" Oleksiuk claims to have uncovered a flaw in Lenovo machines that could let attackers circumvent Windows' basic security protocols. According to his post on Github, the vulnerable firmware driver was copy-and-pasted from data supplied by Intel. His concern was that other manufacturers might have adopted the same code -- with at least one HP Pavillion laptop from 2010 already identified as packing the flaw.

Lenovo issued a public response, saying that it tried to speak to Oleksiuk before he published the flaw to no avail. It corroborated the suggestion that the code was supplied by a third party working from common code that came from Intel. The firm doesn't go so far as to assign blame to the chipmaker, but there's enough to imply that there's a whole heap of fault going that way. Lenovo added that it's investigating the issue and will work with its partners to develop a fix as soon as possible.

There's also a theory that the compromising piece of code might not have been created in error, but placed there as a backdoor. Oleksiuk mentions this just once, in passing, but the Register points out that Lenovo's public statement leaves a few questions. For instance, the manufacturer says that it is "determining the identity of the original author," because it "does not know its originally intended purpose." Although we'd like to think that if the CIA (or its brethren) did write it, it had the sense not to leave any evidence of its involvement.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
1797 Shares
Share
Tweet
Share
Save

Popular on Engadget

'Minecraft' now has 112 million players per month

'Minecraft' now has 112 million players per month

View
Central banks to question Facebook over Libra cryptocurrency

Central banks to question Facebook over Libra cryptocurrency

View
Verizon will launch home 5G everywhere mobile service is available

Verizon will launch home 5G everywhere mobile service is available

View
Initial Creative Emmy winners include Apple, Netflix and NASA

Initial Creative Emmy winners include Apple, Netflix and NASA

View
New York state bans sales of flavored e-cigarettes

New York state bans sales of flavored e-cigarettes

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr