How did lenovo correct mistakes in the support tool

Whenever we buy a new lappy or computer we get a pool of softwares pre-installed in the system. These are also known as “bloatware” as it just fills the disk space regardless of the user’s wish to have it in the new system or not. Some of these may also be unwanted like the support tools installed by Lenovo.

Whenever we think about buying a new computer or lappy, the first brand that strikes is Lenovo. The PC maker. But, lately Lenovo is recommending all its users to remove a preloaded application from their systems because of serious flaw that would permit attackers on their systems.

The Threat that Lenovo Faced

This threat was pointed out by researchers while analyzing the OEM software update tools from five different PC manufacturers. The company discovered a process called Live Agent which is an updated component of Lenovo Accelerator component which doesn’t use encrypted connection while downloading or checking for updates.

In addition to this also note that, Live agent does not validate the digital signatures of the files which are downloaded before running them. This gives the attackers a gateway to intercept user’s traffic. Like an insecure Wifi connection that may trick the Live Agent into downloading and executing the malware.

This problem is so scary, this gives a third party access to your system resources which are usually locked or protected, which we consider as private, secure from any interferences by the system and the user as well. In-short all your files and system settings with higher permission could be obtained by some unknown software.

Till date, Live Agent is considered as the worst software update since the brand was visible in five different manufacturers. They were Acer, ASUSTek computer, Lenovo, Dell and HP. Hence, Lenovo started requesting all its user to uninstall Lenovo Accelerator Application.

Let us discuss the security flaws in each one of them –

  • Acer − Only flaw is it allows a third party for random code execution.

  • Asus − It permits random code execution along with one medium severity local privilege issue.

  • Dell − It has one risk flaw that is absence of certificate best practices which is also known as eDellRoot.

  • HP − It accompanies two risk flaws which leads to random code execution. But five different medium, to lower these risks were also discovered.

  • Lenovo − It has one risk issue it allows random code execution.

All these companies were asked to report regarding this issue. But Dell was the only one to give a statement about the whole issue and recently Lenovo has fixed the issue while the rest three are still to give an official statement about this whole issue.

However, all the five companies were thankful to the Duo Security for pointing out this serious vulnerability to them. They have testing all the affected tools and will soon give a permanent fix to solve this issue permanently. As customer’s security and privacy is the first priority which should never be compromised.

Issues were discovered by Lenovo’s backend services, which pointed out how this app gives any local user the pass to execute any random code with SYSTEM level privileges. If a user opens a malicious site or fake URL while this app is running in the background the user may be affected even when the app is not running.

One can uninstall it by clicking on ‘Apps and Features’ in Windows 10, then selecting Lenovo Accelerator Application followed by clicking on the “Uninstall” option. For your own safety it is advised to install a clean version of windows on new systems instead of relying on the already installed.

This scenario might be scary enough for new PC buyers, but the good thing is, a way has been found to fix this disaster. Yes, the threat which would allow attackers to implement code with system rights and hijack system has now been resolved. Your system’s privacy will not be compromised.

The computers affected by this vulnerability cannot encrypt any update that has been downloaded through HTTP connections. With obvious outcome, the attackers halts all the requests and sends malware viruses to the system creating major security issue.

The Fix to the Lenovo Problem

The cure for this system disease is Lenovo Solution Center, a pre-installed application on Lenovo laptops and desktops. This app facilitates the users in checking the status of virus and firewalls in their systems, updating their software, having backups, having a check on battery health, run hardware tests and also get information regarding the registration and warranty of the system.

How does Lenovo Solution Center Work?

This application is made of two components. One is a graphical user interface and the second is a LSC Task Service. Now, this service runs in the background before even the user interface has started. This runs at all times without any breaks. The graphical interface interacts with the system like icons, menus used by OS.

This fix was launched on the Lenovo Solution Center version 3.3.002 after the disaster was reported from group of researchers from Trustwave. This deadly issue could give some attacker the complete control of our operating system, without our consent of course.

It is advised that all users should always update LSC after opening the application. In case if you can’t update it then the least you could do is download the latest version manually from the Lenovo’s website. As the proverb goes “prevention is better than cure”.

Prior to this issue, there were two more issues. One was the super fish vulnerability. The Super Fish would intercept HTTPs traffic through self-signed root certificate. Alter was stored in the Local certificate store. This was enabled for security concern. However this was applicable only for Lenovo Notebook products.

We can say that, past year has not been very kind to Lenovo. As it remained in headlines for all bad reasons. It faced some security problems affecting the Windows software. Every time it fixed the problem as soon as it was discovered in the first place, but it seems like these flaws have been forever.

Samual Sam
Samual Sam

Learning faster. Every day.

Updated on: 13-May-2022


Kickstart Your Career

Get certified by completing the course

Get Started