lenovo Archives

More Pre-Loaded Lenovo Spyware

Oct 2015

Several weeks ago, Lenovo was found to be preloading spyware onto their laptops; now it’s been discovered they’re loading spyware onto their Thinkpads.

Yes, Lenovo has certainly disgruntled a whole new sector of customers. And what with the Thinkpad range being marketed as a business laptop it’s particularly worrying for business customers.

After all, which business wants to get caught up in any type of security threat which could potentially distribute their customers details to third party sources?

Let’s take a quick look at exactly what’s happening.

The Spyware Scandal

The Thinkpad range was purchase by Lenovo from IBM and these refurbished models are being packaged with a piece of software called ‘Lenovo Customer Feedback Program 64’ which is causing the latest controversy.

But what exactly does this spyware do?

Well, it’s there to send customer feedback back to Lenovo’s servers to help improve their products and service. There’s not anything particularly nefarious about that. However, it’s also been discovered that this piece of software contains the following files:

TVT.CustomerFeedback.OmnitureSiteCatalyst.dll
TVT.CustomerFeedback.InnovApps.dll
TVT.CustomerFeedback.Agent.exe.config

It’s the first file which is interesting as it relates to Omniture who are an online marketing and web analytics company. What they do is monitor people’s behaviour online to help build a snapshot of how internet traffic is moving across the web.

Now, although Lenovo do disclose in their EULA (End User Licence Agreement) that software will be transmitting customer feedback to the Lenovo servers it is buried away amongst a lot of text. Additionally, there is no mention that internet usage will be monitored and passed on to Omniture for what is surely financial profit.

Just imagine the security risks this could have with your business if hackers are able to find a loophole in this spyware and can piggyback onto your internet connection? It could spell serious security issues for the security of yours and your customers’ data.

Removing the Spyware

Thankfully, it’s not a mammoth task when it comes to removing the spyware, so just follow these steps:

Download ‘Task Scheduler View’ which is a useful piece of software which displays all the tasks running in Windows
Within Task Scheduler View you will want to disable anything which is related to Lenovo customer feedback and/or Omniture
It’s also recommended to rename the folder “C:\Program Files (x86)\Lenovo” e.g. “:\Program Files (x86)\Lenovo-test” to help prevent any other dubious files being activated or installed

This should that your Thinkpad and your confidential data remain secure and are not at risk of being exploited.

When Will Lenovo Stop?

This is the third security scandal to hit Lenovo this year after the Superfish and BIOS modifying controversies, so consumers are understandably losing their patience with Lenovo.

Although Lenovo claims on their website that “Lenovo takes customer privacy very seriously and the only purpose for collecting this data is to improve Lenovo software applications” it remains to be seen when they will follow through on this pledge.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Lenovo Rootkit Fiasco

Securitylenovo, rootkitOphtek, LLC

Sep 2015

It’s irritating to find a fresh PC full of unnecessary preloaded software, but a Lenovo rootkit has been found sneaking software onto PCs after installation.

Preloaded software such as this is called ‘bloatware’ as it uses up vital system resources, but provides virtually no benefit to the user. Many users, therefore, like to perform a fresh Windows install after unpacking their system to eradicate this pesky bloatware.

However, Lenovo have decided to work around this procedure and are still managing to force their software onto Lenovo systems!

Let’s take a look at how they’re achieving this and what it means for you.

Access via Rootkit?

Many people are accusing Lenovo of resorting to rootkit tactics to make sure their software remains on your system. A rootkit is a malicious piece of software which grants access to your system to remote users. This is commonly used by criminals to steal passwords or credit card details.

However, in this instance Lenovo isn’t actually using a rootkit and they’re not trying to steal your personal details.

How is Lenovo Gaining Access?

Lenovo is actually loading bloatware on to systems by taking advantage of an official piece of Windows software known as the Platform Binary Table (WPBT). The WPBT allows manufacturers to install trusted software to systems in order for them to run properly.

This software needs to be stored within the machine on a physical medium e.g. a hard drive. Now, the most obvious thing to do would be to uninstall this unwanted software, but this is where Lenovo starts to play nasty.

Built into the Lenovo system’s firmware is a piece of software known as the Lenovo Service Engine (LSE). And the LSE runs before Windows boots up and replaces Microsoft’s version of ‘autochk.exe’ with its own.

Normally, autochk.exe is used to verify the integrity of your file system, but Lenovo’s variant installs software which connects to the internet and downloads the bloatware via the WPBT.

The problem is that because the LSE runs before Windows boots up it’s almost impossible to stop this happening even when you’ve deleted the bloatware. It will simply download again thanks to the LSE!

Cleaning up Lenovo’s Bloatware

Once news of Lenovo’s shady activities came to light they were confronted with a lot of bad press.

Not surprisingly they soon released a tool to help remove this rogue software from their systems. There are also numerous guides online advising how to remove the threat manually, but this involves burrowing deep into your system’s code and is best left to an expert.

It was also revealed that all desktop machines which were built between 10/23/2014 – 04/10/2015 contained the LSE, so this is a huge number of systems which have been, to all intents and purposes, infected.

Final Thoughts

The LSE debacle has caused a lot of harm not only to Lenovo customers, but also to Lenovo’s brand values. And the ease with which the WPBT was exploited will also raise many questions about just how secure Windows is.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Lenovo Caught Shipping Laptops with Invasive Adware

Security, Uncategorizedlenovo, security, superfishOphtek, LLC

Apr 2015

Lenovo has been caught red-handed shipping laptops with invasive adware. Read more here to find out the implications of why you should be concerned.

If your office has purchased any number of Lenovo laptops during the latter part of 2014, then these systems are likely affected by pre-installed adware.

There’s now little wonder as to why your office’s antivirus or antimalware software might have been bugging you about a malicious adware named “Superfish”. If your systems administrator hasn’t been able to pinpoint the particular source, the culprit could really be the OS itself or Lenovo.

In 2014, several Lenovo notebook users reported injected advertisements while doing regular internet searches. The adware was identified as “Superfish” with capabilities of injecting third-party advertisements to not only on search engines like Google but by any website visited as well. Experts and technical enthusiasts have determined the adware was already pre-installed with the notebook by the time a unit is purchased.

Is It a Big Issue?

Although Lenovo would claim otherwise, experts point out that this invasive software can affect both users’ privacy and security.

For internet users who are annoyed by those numerous and deceiving web advertisements, this would already be a problem. Even the more savvy users can be deceived due to the nature of the advertisements displayed, which are designed in a way to look like they are part of the search results or the webpage itself.

A serious security threat which can spy and steal your data

Other than the ability to bombard you with online advertisements,”Superfish” also gives the perpetrators an opportunity to spy on the user’s activities when online and even monitor personal data:

The adware installs itself as a root security certificate in the laptops.
A security certificate is a small system file/key that determines which websites, servers, and software are trustworthy and which are not.
A root certificate can be likened to having a “master key”, where its authority will be adopted within the internet settings of a computer.
This makes a computer vulnerable by tricking it into thinking a website is secure, even if it’s not.

It’s a window of opportunity for cyber criminals to spy on their targets or even deceive them to give out personal data like usernames and passwords. There’s also a risk for laptops to be susceptible to malware and virus attacks since they can slip through their antivirus/antimalware software by using the certificates to make them look like legitimate files.

Lenovo’s Response

Lenovo recently confirmed selling their units pre-installed with adware and shipping them worldwide. According to Lenovo, only units produced between September and December of 2014 were affected. Additionally, Lenovo defended the addition of “Superfish” in its laptops citing that the goal was to improve user experience when shopping online and that it does not monitor user activity.

As of January 2015, Lenovo has stopped shipping the adware on its computer products and has promised not do so in the future. It has also disabled “Superfish” and server interactions for the affected units and users. This “feature” should now cease to exist.

Check if you are affected by Superfish

Filippo Valsorda has setup a quick online test to see if your computer and internet connection are affected. The test can be run here.

For more ways to stay protected, contact your local IT professionals.

Tag Archives: lenovo