The Recycler
  • Ninestar Masthead banner July 2021
  • Nubeprint Online 425x90
  • ECS Web ad October
  • Biuromax Web ad May 2021
  • Katun March Web Advert 2021

Serious defects on laptops allow hackers to take over

Serious defects on laptops allow hackers to take over

June 1, 2016

Major worries shared about OEMs’ computer security, which can be hacked in 10 minutes.Backlit keyboard

Researchers from Duo Security have discovered that HP Inc, Dell, Acer, and Lenovo machines are all susceptible to hackers, reported International Business Times. Laptops bought off-the-shelf come with “bloatware or third party pre-installed software that users don’t really need”, and professionals in cybersecurity do not advocate purchasing them. The Recycler recently reported on working from a virtual office, and as working from home relies on laptops, preventing hacking is of utmost importance.

During their research, Duo Security tested all the above computers and also uncovered the “eDellRoot backdoor” discovered in November 2015, Dell admitting that its latest PCs “contain security backdoors that expose customers to being hacked”. Researchers also discovered that “every single manufacturer’s updater had security vulnerabilities that put millions of consumers at risk”.

Steve Manzuik, Duo Security’s Director of Security Research, commented: “Short of explicitly disabling updaters and removing OEM components altogether, the end user can do very little to protect themselves from the vulnerabilities created by OEM update components. In general you have to be a tech person to understand there’s a problem and then know how to fix it. You have to know to go to the manufacturer’s website and know how to download and install the software. We knew these laptops were being bought by people who aren’t tech people.”

Because customers are unaware and are not using basic security (encryption) to protect messages, it is simple for a hacker to adjust data from “the server to the laptop and add an extra file that might run” and cause problems. Darren Kemp, a Duo Security Researcher, added that “on each laptop there’s a lot of different software doing very different things built by different departments. I have the feeling it’s very difficult for the manufacturer to track.

“It’s a short turnaround and the manufacturer probably doesn’t get enough time to secure each piece of software. For example, in one Lenovo updater, they obviously put in a lot of effort to secure it, and then running parallel to it was another updater that had none of the security features enabled”. The OEMs were informed of the security risks as they were found – some reacted to this immediately, while others did not and have still not addressed the problems.

Manzuik stated: “Asus and Acer were the worst. With Asus, there were two different vulnerabilities. This one had code execution that was quite obvious and easy to exploit – it literally took less than 10 minutes to attack the system using that vulnerability. They have told us they are patching the issue, but we have still not seen a patch from it. They originally did make a patch, but then they didn’t release it. We told them about the bugs over three months ago.”

Lenovo and HP Inc were commended by Duo Security for “taking the risks seriously and having a process in place for researchers to report such issues”, with Lenovo deciding to “completely remove the offending updater software from its laptops”. Manzuik advised that “the best advice we can offer is to make sure you remove all the third-party bloatware on these machines.

“In a lot of cases, our biggest concern is that a lot of people are buying these laptops and then bringing them into the corporate network. IT guys need to tell them to remove bloatware and clean the computers up, and users should also make sure they’re using good passwords, two-factor authentication and to turn on encryption.”

Categories : Products and Technology

Tags : OEM Security Technology

  • Apex web ad May 2021 version 2
  • Aster Web ad October
  • Ninestar Big & Bold July 2021
  • GM Tech Web ad October
  • Static Web ad July 2021
  • GPI Web ad October
  • Mito September 2021 Web Advert
  • Armor May banner Ink
  • IR Italiana Web ad January 2021
  • CTS Toner Supplies Web ad April 2021
  • Adter Recruitment Web ad April 2021
  • Ohana July 2021 web advert
  • PCL Web ad January 2021
  • PW Dubai December Ad
  • CET Web ad September 2021
  • ITP Web ad January 2021
  • HYB Web ad February 2021
  • Adter Recruitment Web ad April 2021
  • PCL Web ad January 2021
  • PW Dubai December Ad
  • CTS Toner Supplies Web ad April 2021
  • Ohana July 2021 web advert
  • CET Web ad September 2021
  • HYB Web ad February 2021
  • ITP Web ad January 2021
  • PCL Web ad January 2021
  • Adter Recruitment Web ad April 2021
  • CTS Toner Supplies Web ad April 2021
  • CET Web ad September 2021
  • Ohana July 2021 web advert
  • PW Dubai December Ad
  • HYB Web ad February 2021
  • ITP Web ad January 2021

The Recycler, Wittas House, Two Rivers, Station Lane, Witney, OX28 4BH, United Kingdom | Tel: +44 (0) 1993 899800 | Fax : +44 (0) 1993 226899
©2006-2021 The Recycler - Terms & Conditions - Privacy Policy including cookie use

Web design Dorset | Websites by Mark