"Hackers Can Infect over 100 Lenovo Models with Unremovable Malware"
Lenovo has released security updates for over 100 laptop models to fix critical Unified Extensible Firmware Interface (UEFI) vulnerabilities. Exploiting these vulnerabilities could allow advanced hackers to install malicious firmware that can be nearly impossible to remove or, in some cases, detect. The three vulnerabilities, tracked as CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972, give hackers the ability to modify a computer's UEFI, which is the software responsible for bridging a computer's device firmware with its operating system. It is the initial link in the security chain since it is the first piece of software to run when nearly any modern device is turned on. Because the UEFI resides in a flash chip on the motherboard, infections are difficult to detect and remove. Two of the vulnerabilities exist in UEFI firmware drivers intended only to be used during the manufacturing process of Lenovo consumer notebooks. Lenovo engineers accidentally included the drivers in the production Basic Input Output System (BIOS) images without properly deactivating them. Threat actors can abuse these vulnerable drivers to disable UEFI secure boot, BIOS control register bits, and other protections that are built into the Serial Peripheral Interface (SPI) and designed to thwart unauthorized changes to the firmware it runs. The third vulnerability could enable hackers to run malicious firmware when a device is in system management mode, which is a high-privilege operating mode used by hardware manufacturers for low-level system management. Trammel Hudson, a security researcher specializing in firmware hacks, says the severity of these vulnerabilities could be lessened by protections such as BootGuard, which is designed to block unauthorized individuals from running malicious firmware during the boot process. This article continues to discuss the critical UEFI vulnerabilities and the growth in SPI implants.
Ars Technica reports "Hackers Can Infect over 100 Lenovo Models with Unremovable Malware"