Lenovo has warned users to uninstall its preloaded Accelerator Application software—which is designed to speed up the launch of some Lenovo apps. According to reports, dozens of laptops and desktop PC models from Asus, Dell, Hewlett Packard, and Acer could be exploited by man-in-the-middle (MitM) attacks because of the vulnerable app. Lenovo has sent alerts to its customers regarding “the update mechanism where a Lenovo server is queried to identify if application updates are available”.
The Accelerator application was packed with an unsecured update mechanism that can be remotely executed by an attacker with local network access. Such attacks can result in stealthy malware installation, the insertion of surveillance capabilities, as well as the hijacking of PCs. According to Lenovo’s security advisory, the software was installed on some consumer notebook and desktop systems that were preloaded with the Windows 10 operating system. “Lenovo recommends customers to uninstall Lenovo Accelerator Application by going to the ‘Apps and Features’ application in Windows 10, selecting Lenovo Accelerator Application by clicking on “Uninstall”,” Lenovo said. Affected devices include the Lenovo Notebook 305, Edge 15, Flex 2 Pro, IdeaCenter, Yoga Home 500, and some Yoga product lines. Enterprise-grade laptops such as ThinkPad and ThinkStation devices are not affected.
This isn’t the first time Lenovo’s products have shipped with problematic preinstalled software. Last year, certain consumer Lenovo laptops came with Superfish, a visual search technology that exhibits malicious adware behavior that can break the HTTPS encryption used when the web browser on the user’s computer communicates with websites that use the HTTPS protocol. The software essentially allowed attackers to spy on secure communications via MitM attacks. The pre-installed Superfish root certificate allowed the software to still function even in HTTPS transactions such as logging into online banking accounts, or signing into social media networks. In effect, Superfish replaces all certificates the system receives with its own certificates signed with the installed root certificate.
Unlike adware, however, this MitM attack may not show noticeable signs that communications are being intercepted. The MitM attack uses a technique called ARP spoofing to trick users into thinking they are communicating with each other, but in fact, aren’t. This causes network traffic between two computers to flow through the attacker’s system, enabling the attacker to inspect all the data that is sent between the victims, including user credentials and financial details—ultimately leading to remote code execution or device hijacking.