The information security company ESET has identified security vulnerabilities in more than a hundred models of Lenovo laptops, which allow attackers to gain full access to computer systems through UEFI damage, which are considered very difficult to detect and treat. Lenovo has been updated on the subject, and has provided a software update that will protect the exposed models.
As mentioned, UEFI is a firmware that is on a chip on the motherboard of a computer, and its purpose is to connect the hardware (the physical computer) and the software (the operating system). This is a system that comes up before the start of the operating system, in which various settings can be made on the computer. Using the system, the computer components are checked to make sure they are working properly and the computer can continue to load the operating system properly.
ESET researcher Martin Smolar, who discovered the vulnerabilities, explained: “UEFI threats can easily slip out of detection and are very dangerous. More and they could prevent the running of their malicious charge. ”
“The ‘safe’ backdoors we’ve discovered at UEFI show that in some cases, sending UEFI threats is easier than expected, and the growing amount of authentic UEFI threats discovered in recent years shows that cybercriminals are also aware of this,” he added.
At ESET, Lenovo laptop owners have been advised to review the list of models affected by the vulnerability, and to update the firmware according to the manufacturer’s instructions.