Search

Rss Posts

Rss Comments

Login

 

Lenovo Installed Software On Laptops That Persisted After Complete Wipes

Aug 13

An anonymous reader writes: The Next Web has confirmed reports from owners of Lenovo laptops that the company used a BIOS feature to install its software on the laptops even if a user wiped a device clean and reinstalled the operating system. “If Windows 7 or 8 is installed, the BIOS of the laptop checks ‘C:\Windows\system32\autochk.exe’ to see if it’s a Microsoft file or a Lenovo-signed one, then overwrites the file with its own. Then, when the modified autochk file is executed on boot, another two files LenovoUpdate.exe and LenovoCheck.exe are created, which set up a service and download files when connected to the internet.” Lenovo has published a patch to remove this functionality. The article notes that this technique seems to be sanctioned by a Microsoft policy. “Manufacturers are obligated to ensure that the mechanism can be updated if an attack is discovered and should be removable by the user, but the rules outlined in the document are fairly loose and don’t require the OEM to notify the owner of the laptop that such a mechanism is in place.”


Read more of this story at Slashdot.

View source

Comments are closed.