Lenovo, Dell and Toshibha PCs found to have security risks in pre-installed software
A couple of weeks ago, we told you how some Dell PCs were found to have a pre-installed root certificate.
This poses a great security risk, in that an attacker could easily modify the certificate with some malicious code.
The user would be unaware of the change, which could result in any communication between the computer and websites the user visits being unencrypted. This could then be stolen by the attacker.
Dell had acknowledged the issue, and had promised to fix it in a software update, and alos posted intructions on how to remove the eDellroot certificate, from affected PCs.
And now, some new malwares have been found in some pre-installed software of not one, but of PCs manufactured by three OEMs. The Register reports that the affected parties are Lenovo, Dell and Toshibha.
Lenovo Solution Center:
This is actually the second time that Lenovo has shipped PCs with malware, with the first one being the Superfish fiasco. The new bloatware which affects users is the Lenovo Solution Center. The issue with this app, is that when a user visits a malicious webpage, it could trigger the system to give full admin rights to the page which could then inject malware into the PC.
What’s worse is that, any existing malware on the PC can exploit the solution center, to get full rights, and take over the entire system.
Lenovo has acknolwedged the issue, and adviises users to remove the affected Lenovo Solution Center from their PCs. Instructions for these can be found at the Lenovo support portal.
Dell System Detect:
Dell’s utility also suffers from a similar flaw, which allows attackers to gain full admin rights. This is possible due to a security token obtained from Dell’s own website (seriously?), which the Dell System Detect uses to download manuals. This token can be hacked, which could potentially allow any malicious apps to compromise the security of the PC, thus allowing an attacker full access to the computer.
Toshiba Service Station:
This app, found in the OEM’s computers, also poses a risk in that any user or a Potentially Unwanted App, can exploit it, to gain full access to the operating system’s (read Windows) registry.
It is unclear whether Dell and Toshibha have patched these security issues. This brings us to the question, why do OEMs have to ship their devices with bloatware (pre-installed apps)? We know they’re intended to help the end-user, but very often they end up causing more harm than good. Wouldn’t it simply be better if they could just provide drivers and updates, whilst keeping the PCs bloat-free?