Lenovo laptops vulnerable to dangerous malware, Israeli company finds


Staff member
Lenovo laptops vulnerable to dangerous malware, Israeli company finds
Over 100 models of Lenovo computers were found to be vulnerable to harmful malware by an Israeli cybersecurity company.
Published: APRIL 19, 2022

A firmware breach that exposes over 100 different models of Lenovo computers to harmful malware was found by Israeli cybersecurity company ESET, the company announced on Tuesday. The breach can be traced to the Unified Extensible Firmware Interface (UEFI), according to ESET. UEFI is a critical component of a computer that contains the code required to link the operating system and the computer hardware.

ESET warned that Lenovo's computers are vulnerable to dangerous malware such as LoJax and ESPecter. When these programs infect the UEFI, it is able to survive not only a reinstallation of the computer's operating system but also the replacement of a physical hard drive. Through the UEFI breach, hackers are able to gain full control over the infected device and potentially compromise other devices on its network.

more.............. https://www.jpost.com/business-and-innovation/tech-and-start-ups/article-704592

Tall Timbers

Imperfect but forgiven
My primary computer is a Lenovo Thinkpad. Hope they come out with a patch now that the vulnerability is exposed. Of course, I don't know if my model is affected since they don't list the affected models. They've probably published this to light a fire under Lenovo's feet to do something about it.

Tall Timbers

Imperfect but forgiven
A list of affected Lenovo's is here - https://support.lenovo.com/us/en/product_security/ps500001-lenovo-product-security-advisories?clickid=wBAzt6Q2axyIUpWXXaxTW1-gUkGXEqy1yVcmTA0&irgwc=1&PID=221109&acid=ww:affiliate:bv0as6

and is quite extensive - one way is to reformat your drive reinstall your OS with full disk encryption making disk data inaccessible if the UEFI Secure Boot configuration changes,

That's some list. Looks like I'm good with the latest bios update that I installed just a few days ago. Looks like it goes way beyond Lenovo with many individual computer components, but the bios attack would probably be worse than most of the rest.