Researchers have reported that more than two dozen laptop models manufactured by Lenovo are vulnerable to attacks that disable UEFI Secure Boot and then run unsigned UEFI applications or load bootloaders that plant a persistent backdoor on the device. The issue affects multiple Lenovo products that are currently in use.

After research by ESET revealed the flaws, Lenovo issued firmware updates for 25 models, including ThinkPads, Yoga Slims, and IdeaPads. Vulnerabilities that compromise UEFI Secure Boot are dangerous because they let attackers install malicious code that survives any number of operating system reinstallations.

The vulnerabilities, tracked as CVE-2022-3430, CVE-2022-3431, and CVE-2022-3432, “enable disabling UEFI Secure Boot or restoring factory default Secure Boot databases, all simply from an OS,” according to ESET. Secure Boot relies on signature databases stored in firmware: db lists the certificates and hashes of bootloaders that may run, and dbx (the forbidden signature database) lists revoked certificates and the hashes of binaries that must not run. By disabling Secure Boot, or by resetting these databases to their factory defaults and thereby discarding every revocation added since the machine shipped, an attacker removes the constraints that would normally block an untrusted or revoked bootloader.


UEFI, the Unified Extensible Firmware Interface, is the firmware that initialises a computer’s hardware and hands control to the operating system’s bootloader. It is the first link in the boot security chain because it is the first code to run when practically any modern machine is powered on. Because the UEFI firmware is stored in a flash chip on the motherboard rather than on the disk, a firmware-level implant is difficult to detect and remove: wiping the hard drive and reinstalling the operating system have no effect, because the implant runs before the operating system and can reinfect it on every boot.

The vulnerabilities are exploited by tampering with variables in NVRAM, the non-volatile memory in which the firmware keeps its configuration, including boot settings. The flaws exist because Lenovo shipped notebooks with UEFI drivers that were intended for use only during the manufacturing process and that consult these NVRAM variables to decide whether Secure Boot is enforced. The following vulnerabilities have been identified:

  1. CVE-2022-3430: A possible vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices could allow an attacker with elevated privileges to change Secure Boot settings by modifying an NVRAM variable.
  2. CVE-2022-3431: A possible vulnerability in a driver used during the manufacturing process on some consumer Lenovo Notebook devices, which was inadvertently left enabled, could allow an attacker with elevated privileges to change the Secure Boot setting by modifying an NVRAM variable.
  3. CVE-2022-3432: A possible vulnerability in a driver used during the manufacturing process on the Ideapad Y700-14ISK, which was inadvertently left enabled, could allow an attacker with elevated privileges to change Secure Boot settings by modifying an NVRAM variable.
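To make the variables involved concrete, here is an added example (my own code, not from the article, ESET, or Lenovo) that parses the efivarfs file format Linux exposes under /sys/firmware/efi/efivars, reports the SecureBoot and SetupMode state, and walks the EFI_SIGNATURE_LIST structures in dbx to enumerate the forbidden hashes. It serves both the description of the Secure Boot databases above and the NVRAM-variable attack surface in the list. The variable names and GUIDs come from the UEFI specification; the Lenovo-specific manufacturing variables the faulty drivers read are not named here. The sample variable bytes are constructed for the example, and the script falls back to them when efivarfs is not available.

```python
"""Inspect UEFI Secure Boot state and the dbx revocation database.

Added example, not code from the article, ESET, or Lenovo. efivarfs stores
each variable as a file: a 4-byte little-endian attribute word, then the data.
The SAMPLE_* bytes below are constructed, not captured from a real machine.
"""
import os
import struct
import uuid

EFI_GLOBAL_VARIABLE = "8be4df61-93ca-11d2-aa0d-00e098032b8c"          # SecureBoot, SetupMode
EFI_IMAGE_SECURITY_DATABASE = "d719b2cb-3d3a-4596-a3bc-dad00e67656f"  # db, dbx
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

EFI_VARIABLE_NON_VOLATILE = 0x01
EFI_VARIABLE_BOOTSERVICE_ACCESS = 0x02
EFI_VARIABLE_RUNTIME_ACCESS = 0x04
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS = 0x20


def parse_efivar(raw: bytes):
    """Split an efivarfs file into (attributes, data)."""
    if len(raw) < 4:
        raise ValueError("efivar file too short")
    (attrs,) = struct.unpack_from("<I", raw, 0)
    return attrs, raw[4:]


def secure_boot_state(secureboot_raw: bytes, setupmode_raw: bytes):
    """SecureBoot and SetupMode are single-byte variables; enforcement needs 1 and 0."""
    _, sb = parse_efivar(secureboot_raw)
    _, sm = parse_efivar(setupmode_raw)
    enabled = sb[:1] == b"\x01"
    setup_mode = sm[:1] == b"\x01"
    return {"secure_boot": enabled, "setup_mode": setup_mode,
            "enforcing": enabled and not setup_mode}


def parse_signature_lists(data: bytes):
    """Walk consecutive EFI_SIGNATURE_LIST structures (the db/dbx/KEK format).

    Layout: SignatureType GUID (16) | SignatureListSize u32 | SignatureHeaderSize u32 |
    SignatureSize u32 | header | N signatures, each SignatureOwner GUID (16) + data.
    Returns a list of (type_guid, owner_guid, signature_data) and rejects malformed input.
    """
    entries, off = [], 0
    while off < len(data):
        if len(data) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < 28 + hdr_size or off + list_size > len(data) or sig_size < 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        body = data[off + 28 + hdr_size:off + list_size]
        if len(body) % sig_size:
            raise ValueError("signature list body is not a multiple of SignatureSize")
        for i in range(0, len(body), sig_size):
            owner = uuid.UUID(bytes_le=body[i:i + 16])
            entries.append((sig_type, owner, body[i + 16:i + sig_size]))
        off += list_size
    return entries


def summarize_dbx(dbx_raw: bytes):
    """Report whether dbx is authenticated-write protected and what it revokes."""
    attrs, data = parse_efivar(dbx_raw)
    entries = parse_signature_lists(data)
    return {"authenticated": bool(attrs & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS),
            "sha256_hashes": [e[2].hex() for e in entries if e[0] == EFI_CERT_SHA256_GUID],
            "x509_certs": sum(1 for e in entries if e[0] == EFI_CERT_X509_GUID)}


def build_sha256_list(hashes, owner=uuid.UUID(int=0)) -> bytes:
    """Construct one EFI_SIGNATURE_LIST of SHA-256 entries (used only for the sample)."""
    body = b"".join(owner.bytes_le + h for h in hashes)
    return EFI_CERT_SHA256_GUID.bytes_le + struct.pack("<III", 28 + len(body), 0, 48) + body


# Constructed sample variables: Secure Boot enforced, dbx with two revoked hashes.
_VOLATILE = EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS
SAMPLE_SECUREBOOT = struct.pack("<I", _VOLATILE) + b"\x01"
SAMPLE_SETUPMODE = struct.pack("<I", _VOLATILE) + b"\x00"
SAMPLE_DBX = (struct.pack("<I", _VOLATILE | EFI_VARIABLE_NON_VOLATILE
                          | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)
              + build_sha256_list([bytes([0x11]) * 32, bytes([0x22]) * 32]))


def read_host_variable(name, guid, efivars="/sys/firmware/efi/efivars"):
    """Read a live variable from efivarfs; None if efivarfs is absent or the variable is missing."""
    try:
        with open(os.path.join(efivars, f"{name}-{guid}"), "rb") as f:
            return f.read()
    except OSError:
        return None


if __name__ == "__main__":
    sb = read_host_variable("SecureBoot", EFI_GLOBAL_VARIABLE) or SAMPLE_SECUREBOOT
    sm = read_host_variable("SetupMode", EFI_GLOBAL_VARIABLE) or SAMPLE_SETUPMODE
    dbx = read_host_variable("dbx", EFI_IMAGE_SECURITY_DATABASE) or SAMPLE_DBX
    print(secure_boot_state(sb, sm))
    s = summarize_dbx(dbx)
    print(f"dbx: {len(s['sha256_hashes'])} SHA-256 hashes, {s['x509_certs']} certificates, "
          f"authenticated-write={s['authenticated']}")
```

The symptoms to look for after bugs of this class are SecureBoot reading 0 on a machine that should enforce it, SetupMode reading 1, or a dbx that has shrunk back to the small factory set (a missing authenticated-write attribute on dbx would also be abnormal). On Windows, `Confirm-SecureBootUEFI` in PowerShell gives the same first-line answer. Treat any of these as a first check only: a compromised firmware can present whatever values it likes to the OS, so the remedy is the Lenovo BIOS update rather than a runtime check.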
