A new case of dangerous software preinstalled on Lenovo PCs

Lenovo Yoga 3 11

Lenovo preinstalled on some of its PC models (photo of a Lenovo Yoga 3 11 ©Pierre Lecourt) a utility called Lenovo Service Engine (LSE) that, at the first connection to the Internet, sends some information to the company's servers, anonymously according to the company. LSE automatically downloads another utility, OneKey Optimizer (OKO), which is supposed to optimize the operating system through some operations. LSE was discovered to use a technique that allows it to be automatically reinstalled even when the whole operating system is reinstalled from scratch, and that can be a security problem.

Lenovo ran into a storm in February 2015 when it was discovered that the adware Superfish was preinstalled on some of the company’s PC models and heavily compromised their security. Evidently it wasn’t the only potentially dangerous program that buyers could find, but attention is now greater. In fact, some reports brought to light that various desktop and notebook models sold between October 2014 and April 2015 with various versions of Windows include LSE, a persistent and dangerous piece of software.

LSE uses a feature called Windows Platform Binary Table (WPBT) that aims to place programs in the PC’s BIOS, meaning at a level where they’re invisible to the operating system. Its purpose is to allow some diagnostic tests to be performed and anti-theft software to be run.

LSE goes beyond that because it verifies that Lenovo’s upgrade tools are still installed on the PC and, if not, reinstalls them. So far nothing wrong, but other programs also get updated and possibly reinstalled, and those are of the notorious crapware or bloatware type.

When the presence of LSE was discovered, an analysis carried out by a security expert detected a vulnerability in it and in OKO. It can be exploited in an attack that could even allow remote control of a Lenovo PC to be taken. In short, LSE can be considered a rootkit.

When the vulnerability was discovered, Microsoft updated its security guidelines for the implementation of WPBT. LSE doesn’t comply with the new guidelines, so Lenovo no longer preinstalls it and has released a BIOS update that disables or removes it. Owners of one of the models included in the list can download the utility to disable LSE in the version for laptops or desktops.

This story is another blow to Lenovo’s image after the Superfish case. This time the company may have had good intentions, but its management of LSE was superficial at best, with the result of creating potential security problems for its customers. Hopefully it’s the last time something like that happens but I’m afraid it’s not.
