Lenovo has released security updates for more than 100 laptop models to address critical vulnerabilities that advanced hackers could use to install hidden malware.
Three vulnerabilities affecting more than 1 million laptops allow hackers to modify a computer's UEFI. Short for Unified Extensible Firmware Interface, UEFI is the software that connects a computer's hardware to its operating system. It is the first link in the security chain, because it is the first software to run when a machine is turned on. UEFI resides on a flash chip on the motherboard, so infections there are difficult to detect and eliminate.
Two of the vulnerabilities, tracked as CVE-2021-3971 and CVE-2021-3972, reside in UEFI firmware drivers meant to be used only during the manufacturing process of Lenovo consumer notebooks. Lenovo engineers unknowingly included the drivers in production BIOS images without properly deactivating them. Hackers can use these flawed drivers to disable protections, including UEFI Secure Boot, the BIOS control register bits, and the protected range registers, which are built into the serial peripheral interface (SPI) and designed to prevent unauthorized changes to the firmware it runs.
After discovering and examining these shortcomings, ESET researchers found a third vulnerability, CVE-2021-3970. It allows hackers to run malware.
“Based on the description, all of these are pretty much the kind of attacks for well-developed attackers,” Trammell Hudson, an expert on firmware hacks, told Ars. “It is very bad to pass SPI flash licenses.”
He said the severity can be lessened by protections like BootGuard, which is designed to prevent unauthorized people from running malware during the boot process. Then again, researchers have in the past discovered significant vulnerabilities that undermine BootGuard. They include three flaws identified by Hudson in 2020.
Entering the mainstream
While still rare, SPI implants are becoming more common. One of the Internet's biggest threats, a piece of malware known as Trickbot, began including driver code in 2020 that allows people to write firmware to almost any device. The other two documented cases of malicious UEFI firmware used in the wild are LoJax, which was written by a Russian hacker group known by many names, including Sednit, Fancy Bear or APT 28. The second example is UEFI malware.
All three Lenovo vulnerabilities found by ESET require local access, which means that the attacker must already control the vulnerable machine with unrestricted privileges. The bar for such access is high and would likely require exploiting one or more other significant vulnerabilities that already put the user at risk.
The vulnerabilities are still serious because they can be used to infect vulnerable laptops with malware that goes beyond what normal malware can do. Lenovo has published a list of more than 100 affected models.