A Dangerous Loophole: Lenovo’s Security Mishap

BY:

Jul 8, 2016

Why Lenovo is telling users to remove an application because of a dangerous loophole.

Lenovo has been urging its users to remove one of its applications after the discovery of a serious vulnerability. Let’s look at the definition of the vulnerability and what it does and how it works. Here’s why Lenovo is advising users to remove a certain application.

Lenovo Security Hole

The Security Flaw in Question

The Chinese Multinational Technology Company discovered a serious RCE vulnerability in Lenovo, which resulted in a publication of a security advisory covering the flaw. The flaw identified was found in the Lenovo Accelerator Application software, which made it possible to exploit a user with “man-in-the-middle” tactics.

The reasons why the Accelerator application is used is because it speeds up Lenovo applications for launch. This application is installed on some desktops and notebooks using the Windows 10 operating system, but it does not affect ThinkStation or ThinkPad devices since it was never installed on these products.

Why Man-in-the-Middle Attacks Are an Issue

A man-in-the-middle attack can pose a serious threat to anyone who values his personal information. These attacks often occur on vulnerable web browsers with an infected server or a malware variant (on an infected machine) that has surveillance capabilities. Man-in-the-middle attack campaigns are utilized on an individual to steal and intercept personal information, financial data and their login credentials. Sadly, many users don’t even realize that they’re being attacked until it’s too late.

How to Avoid a Man-in-the-Middle Attack

A good way to avoid a man-in-the-middle attack is to look into the programs pre-installed on your computer after you initially purchased the machine. Many computers (whether desktop or laptop) come with installed “bloatware,” which are programs that claim to add value but actually do little when helping a computer initially boot up.

Free software trials, vendor support, applications or vendor hardware — and many more — all add a shortcut that launches your browser to a specific website. The end result is that these shortcuts leave opportunities for hackers, so removing the links may be the best way to prevent an attack.

It’s important for a business to understand the applications and programs it works with. {company} is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks and news. Contact us at {phone} or send us an email at {email} for more information.

Related Blogs

  • AWS Data Migration Services" alt="">
    Best Practices for Using AWS Data Migration Services for Your Cloud Migration

    Following these best practices can ensure a smooth data migration to the cloud Key Takeaways: Data migration is the most important element in a cloud-based digital transformation A well-planned data...

    Learn More
  • This image is a drawing of a man in a business suit with a large magnifying glass. He’s standing in front of a backdrop of a cityscape, and in front of him are a number of clouds; one of them is red, the others are white. This represents making a choice of cloud service providers." alt="">
    AWS and Beyond: The Cloud Service Providers Your Company Should Consider

    Cloud migration is a must for business today, here’s how to be sure you choose the right cloud services provider. Key Takeaways: It’s important for businesses to choose the right cloud service...

    Learn More
  • AWS ad on a subway station wall." alt="">
    3 Ways Businesses on AWS Can Extract Huge Benefits From the Overarching Amazon Ecosystem

    Being on AWS means you not only have the most widely adopted cloud service but also access to several tools that can be immensely valuable for your business Key Takeaways: AWS cloud service is part...

    Learn More