Hacking

Lenovo Accelerator Application contains a bug that allows remote hack of your PC

A study of Duo Security revealed that Lenovo Accelerator Application support tool contains a high-risk flaw that allows remote code execution.

Once again bad news for Lenovo users, the company is informing them that the Lenovo Accelerator Application contains a high-risk vulnerability that could be exploited by hackers to remotely execute code on the machine and take over it.

The Lenovo Accelerator Application is an application preloaded on Lenovo computers that the vendor suggests removing due to the presence of the flaw.

The Lenovo Accelerator Application was designed by Lenovo to speed up the launch of its applications.

The flaw was reported by security experts from the Duo Security firm that assessed OEM software update tools from five PC manufacturers, Acer, ASUSTeK Computer, Lenovo, Dell and HP .

The analysis, titled “Out-of-Box Exploitation – A Security Analysis of OEM Updaters” revealed that all of them had at least one serious flaw that could be exploited by hackers to compromise the system.

Researchers at Duo Security discovered that the flaw resides in the update component of the Lenovo Accelerator Application, so called LiveAgent. The LiveAgent does not use encrypted connections when contact and download the updates from the company servers. Another issue highlighted by the researchers is that LiveAgent does not validate the authenticity of the updates through digital signatures of the binaries.

 

An attacker can exploit the lack of encryption for communications to launch a MiTM attack and serve to the LiveAgent malicious files instead the legitimate updates.

The lack of signature validation is one of the most common problems discovered during the study.

“Lenovo recommends customers uninstall Lenovo Accelerator Application by going to the ‘Apps and Features’ application in Windows 10, selecting Lenovo Accelerator Application and clicking on ‘Uninstall’,” states a security advisory issued by Lenovo.

Lenovo will release as soon as possible a System Update removal utility soon order to solve the issue.

Unfortunately, the study demonstrates that is it quite common to discover serious security issues in the support tools and third-party applications preloaded by vendors in their PCs.

If you appreciate my effort in spreading cyber security awareness, please vote for Security Affairs as best European Security Blog. Vote SecurityAffairs in every section it is reported. I’m one of the finalists and I want to demonstrate that the Security Affairs community a great reality.

https://www.surveymonkey.com/r/secbloggerwards2016

Thank you

Pierluigi

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Lenovo Accelerator Application, hacking)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

American fast-fashion firm Hot Topic hit by credential stuffing attacks

Hot Topic suffered credential stuffing attacks that exposed customers' personal information and partial payment data.…

1 hour ago

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

15 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

22 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

1 day ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

2 days ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

2 days ago

This website uses cookies.