Lenovo Accelerator Application contains a bug that allows remote hack of your PC

A study of Duo Security revealed that Lenovo Accelerator Application support tool contains a high-risk flaw that allows remote code execution.

Once again bad news for Lenovo users, the company is informing them that the Lenovo Accelerator Application contains a high-risk vulnerability that could be exploited by hackers to remotely execute code on the machine and take over it.

The Lenovo Accelerator Application is an application preloaded on Lenovo computers that the vendor suggests removing due to the presence of the flaw.

The Lenovo Accelerator Application was designed by Lenovo to speed up the launch of its applications.

The flaw was reported by security experts from the Duo Security firm that assessed OEM software update tools from five PC manufacturers, Acer, ASUSTeK Computer, Lenovo, Dell and HP .

The analysis, titled “Out-of-Box Exploitation – A Security Analysis of OEM Updaters” revealed that all of them had at least one serious flaw that could be exploited by hackers to compromise the system.

Researchers at Duo Security discovered that the flaw resides in the update component of the Lenovo Accelerator Application, so called LiveAgent. The LiveAgent does not use encrypted connections when contact and download the updates from the company servers. Another issue highlighted by the researchers is that LiveAgent does not validate the authenticity of the updates through digital signatures of the binaries.

 

An attacker can exploit the lack of encryption for communications to launch a MiTM attack and serve to the LiveAgent malicious files instead the legitimate updates.

The lack of signature validation is one of the most common problems discovered during the study.

“Lenovo recommends customers uninstall Lenovo Accelerator Application by going to the ‘Apps and Features’ application in Windows 10, selecting Lenovo Accelerator Application and clicking on ‘Uninstall’,” states a security advisory issued by Lenovo.

Lenovo will release as soon as possible a System Update removal utility soon order to solve the issue.

Unfortunately, the study demonstrates that is it quite common to discover serious security issues in the support tools and third-party applications preloaded by vendors in their PCs.

If you appreciate my effort in spreading cyber security awareness, please vote for Security Affairs as best European Security Blog. Vote SecurityAffairs in every section it is reported. I’m one of the finalists and I want to demonstrate that the Security Affairs community a great reality.

https://www.surveymonkey.com/r/secbloggerwards2016

Thank you

Pierluigi

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Lenovo Accelerator Application, hacking)