Acer, Asus, Dell, HP and Lenovo bloatware research

A 36 page report posted by Duo Security reveals the sad situation with the bloatware used by OEMs in the laptop and not just. By bloatware we describe annoying programs that usually come as driver updaters. Most of the time they are referred to as crapware, and come embedded with your new laptop installed by the company itself.duo oem bloatware

Η ομάδα ερευνητών της Duo Security πραγματοποίησε ελέγχους στο ενσωματωμένο λογισμικό που έρχεται σαν updater οδηγών σε φορητούς υπολογιστές της Acer, Asus, Dell, Hewlett-Packard (HP), και .

The results of their analysis were very worrying.

For those who didn't understand we are talking about vulnerable bloatware software that exists in the before you even use it, directly from the company. Of course, what you will read below does not explain the reasons for the use of such software by big manufacturing names, but it is not difficult to guess them....

The Duo Security team has discovered that many OEMs or Original Equipment Manufacturers are using applications with too many security problems that sometimes leave the attacker full rights to the devices.

"We broke everything and some were worse than others. "Every company had at least one vulnerability that could allow man-in-the-middle (MITM) attacks and arbitrary code execution on the system."

The Duo team reports that the driver update software on each laptop includes at least one security flaw that allows the attacker to run code on the user's laptop and occupy the device.

Even worse, Duo reports that very few they know how to properly implement TLS encryption, which explains why we've seen phenomena like Superfish and eDellRoot from time to time.

In addition, Duo reveals that very few companies know how to validate and verify the integrity of updates downloaded from their driver update programs, leaving users exposed to get false (malicious) drivers.

If you take a look at the table below, you will see that the Lenovo Solution Center Driver Update Tool has positive results in the Duo tests.duo bloatware

The tool can be now, but it wasn't before.

In recent months, security researchers have bombarded Lenovo with complaints and bug reports. Ultimately they helped the company implement the best to its app, which just earlier this month received an update to fix some of the reported issues.

Out-of-Box Exploitation: A Security Analysis of OEM Updaters

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.087 registrants.

bloatwarecrapwaredelllenovo

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).