Lenovo, one of the most popular Chinese computer manufacturers, has been caught once again using a hidden Windows feature to preinstall unwanted and unremovable rootkit software on certain laptop and desktop systems it sells.


Lenovo Does It Again!

Lenovo has a bad track record: a few months ago it was found to be selling laptops pre-installed with Superfish malware. Not just that, Lenovo was also banned from supplying network equipment for defense services in various countries due to hacking and spying concerns.

Rootkit Dubbed "Lenovo Service Engine (LSE)"

According to Lenovo, LSE is a piece of code built into the firmware on the computer's motherboard. During the Windows installation process, LSE automatically downloads and installs Lenovo's own software at boot time, before the Microsoft operating system is launched, overwriting Windows operating system files. It injects software that updates drivers, firmware, and other pre-installed apps onto the Windows machine. Even after a clean reinstall of the OS, the hidden LSE in the firmware automatically brings them back as soon as the machine is powered on or rebooted.


Impact Of The LSE Rootkit

LSE has varying destructive impacts on desktops and laptops. On desktops, according to the company, it sends some basic information such as the system model, date, region, and system ID to a Lenovo server, one time only, and no personal data. On laptops it's a different story. LSE installs a software program called OneKey Optimizer (OKO), which according to the company enhances computer performance by updating the firmware, drivers, and pre-installed apps, removing junk files, and finding ways to optimize system performance. But in reality OneKey Optimizer falls under the category of "crapware", and both LSE and OKO appear to be insecure. Holy crap! Isn't it?

Who Is Affected?

According to official statements from Lenovo, new systems built since June don't have the BIOS firmware that causes the issue, and the company is no longer installing Lenovo Service Engine on new PCs. Many Flex and Yoga machines running operating systems including Windows 7, Windows 8, and Windows 8.1 are affected by this issue. The full list of affected notebooks and desktops can be seen on Lenovo's website.


How to Remove LSE Rootkit?

Removal has to be done manually, and the steps below are sufficient to get rid of this rootkit.
  • Know your system type (whether it's a 32-bit or 64-bit version of Windows).
  • Browse to the Lenovo Security Advisory and select the link for your specific Lenovo machine.
  • Click the "Date" button for the most recent update.
  • Search for "Lenovo LSE Windows Disabler Tool" and click the download icon next to the version that matches your version of Windows.
  • Run the program as administrator, and it will remove the LSE software.
