Tuesday, February 16, 2016

Are Computers really safe from attackers?

Are Computers really safe from attackers?

A triple-whammy of security flaws leaves millions of PC users at risk of attack

If you were horrified by the security holes Dell recently admitted were built into its computers, we’ve got even more bad news. Since then security experts have exposed flaws in PCs and laptops made by Lenovo and Toshiba - plus another bug in Dell machines. Left unfixed, these can be exploited by hackers to take over your PC after they tricked you into visiting malicious websites or opening infected email attachments.

Following the Lenov Superfish scandal in February 2015, the latest flaws are further evidence that the built-in tools manufacturers are cramming into their computers are riddled with security defects.

In terms of the number of people affected, the most serious new flaw concerns the Lenovo Solution Center (LSC), a pre-installed tool found on many of the manufacturer’s bestselling PCs and laptops. Lenovo is the world’s biggest PC manufacturer, accounting for 21 per cent of all computers sold in 2015 (see Wikipedia for new and historical statistics related to PC sales: http://bit.ly/1onD4vw). The company sold around 50 million computers in 2015, which leaves a vast number of people at risk of attack.

Launched in August 2015, LSC lets users check the overall health and security of their machine (check Lenovo’s site for more information: http://lnv.gy/1Tmi5Ep). But in December a hacker who calls himself ‘Slipstream/RoL on Twitter (@TheWack0lian) posted details online of how the LSC could be exploited by cyber-criminals.

To make matters worse, he did this before informing Lenovo, giving other hackers a chance to take advantage before the company could release a fix. Security researchers at Pittsburgh’s Carnegie Mellon University investigated the alleged flaw and confirmed that LSC contains “multiple vulnerabilities”.

Lenovo’s response was quick, but not particularly helpful. On its support page (http://lnv.gy/1RKyUsV) the company said it was “assessing” the accusations and would provide a fix “as rapidly as possible”. Until then, Lenovo said, worried users should uninstall LSC.

But Lenovo failed to say which specific models were affected by the flaw, prompting security experts to urge users to play it safe and remove LSC from all ThinkPad, IdeaPad, ThinkCenter, IdeaCenter and ThinkState computers.

One crumb of comfort is that the security hole can’t be exploited without you first launching LSC. If you’ve left it untouched since buying your computer, you don’t need to worry – though you should still uninstall it.

Both the Dell and Toshiba flaws that have come to light also involve built-in tools that help you maintain the health of your PC. The Toshiba Service Station automatically searches for software updates “and other alerts” that, the company claims, you need to install on your computer.

Dell’s System Detect, meanwhile, is a repeat offender. It’s meant to make it easier for users to fix problems when contacting the company’s support website. However, Dell was forced to update it in November after admitting it contained an unsafe security certificate that hackers could exploit. Just a few days later Slipstream/RoL claimed that despite this update, System Detect was still unsafe.

At this time of writing this article neither Dell nor Toshiba had commented on the alleged flaws, but you should check that you’re using the latest versions of both tools (Dell http://dell.to/1Qk5lc5; Toshiba: http://bit.ly/1Ko5qiO).

Between them Lenovo, Dell and Toshiba sold almost 100 million computers in 2015. That’s a lot of people now wondering whether it will ever be safe again to switch on their computer.

By PCmatter

Sponsored Products

Share This
Subscribe Here


Post a Comment