Stories
Slash Boxes
Comments

SoylentNews is people

Lenovo Still Wants to Own Your Box

posted by janrinok on Wednesday August 12 2015, @11:59PM   Printer-friendly
from the flash-me-a-bios dept.

Anonymous Coward writes:

It turns out that Lenovo has code in their BIOS which creates and maintains a backdoor executable in Windows 7 and Windows 8.x installs. Simply wiping the machine when you bring it home to remove the factory crap-ware is not enough to overcome this implementation. This issue is supposed to have been resolved via a recently released patch that doesn't remove but rather disables this 'feature' which is being called the Lenovo Service Engine.

Original Source for the news:
http://arstechnica.com/civis/viewtopic.php?p=29497693&sid=ddf3e32512932172454de515091db014#p29497693

Link to patch:
https://support.lenovo.com/us/en/product_security/lse_bios_notebook

This exploit takes advantage of a Windows feature called Windows Platform Binary Table. This is essentially a method created for the purpose of enabling UEFI bioses to load extra binaries at boot time.

link to paper on WPBT:
http://feishare.com/attachments/article/298/windows-platform-binary-table.pdf

Original Submission

 
This discussion has been archived. No new comments can be posted.
Lenovo Still Wants to Own Your Box | Log In/Create an Account | Top | 25 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Interesting) by Anonymous Coward on Thursday August 13 2015, @01:20AM

    by Anonymous Coward on Thursday August 13 2015, @01:20AM (#222051)

    Because a 16 bit bios kludged to support 32 bit apps, then ported to 32 bit with a 16 bit compatibility layer really needed to be replaced at some point. That point being when enough computers shipped both with enough ram and a new enough operating system to warrant migration to primarily 64 bit operation with only the minimum necessary 32 bit fallbacks.

    That said, I *HATE* EFI and as klunky as it was, wish they'd stuck with a forth based firmware that could've leveraged hardware option rom compatibility with PPC/SPARC and hopefully have pushed for everything else to standardize on it as well.

    But alas we got a half baked DOS clone with DRM baked into the flash.

    Starting Score:    0  points
    Moderation   +3  
       Interesting=2, Informative=1, Total=3
    Extra 'Interesting' Modifier   0  
    Total Score:   3  

  • (Score: 2) by LoRdTAW on Thursday August 13 2015, @01:26PM

    by LoRdTAW (3755) on Thursday August 13 2015, @01:26PM (#222267) Journal

    I realize the old BIOS was heavily outdated. EFI was completely unnecessary. There were better options, ARCS (though it became an SGI only firmware), Open Firmware/OpenBIOS, etc.

    Personally, I'd certainly prefer coreboot. It can handle different payloads like Open Firmware/OpenBIOS, UEFI via tianocore or classic BIOS via SeaBIOS. It can also directly load GRUB or boot via ethernet with Etherboot. Very flexible and open source.