The year was not that good for Lenovo. After the news February that the company sends data from its systems with adware and a faulty root certificate, the revelations continue!
Πρόσφατες δημοσιεύσεις στο Reddit αλλά και στο Hacker News αναφέρουν ότι η Lenοvo χρησιμοποιείται ένα βοηθητικό πρόγραμμα που ονομάζεται Lenοvo Service Engine στο BIOS ορισμένων συσκευών της που κατεβάσει ένα πρόγραμμα που ονομάζεται OneKey Optimizer στα συστήματα των χρηστών και αποστέλλει "αναγνωριστικές πληροφορίες συστήματος" στους servers της εταιρείας.
What makes this event particularly worrying is that Windows files are replaced during the cmmovement, and files are added to Windows system32. At the same time, a service is set up to transfer data to Lenovo.
The data collected, according to Lenovo, contains the computer type and model, a UUID of the system, the region, and the date. Once the data has been successfully submitted, the service is automatically shut down by the system.
Since this tool is BIOS based, it will do its job even if all the applications of Lenovo and install Windows from scratch.
Lenovo, of course, admits that these changes were not consistent with Microsoft's security guidelines.
Affected products according to company:
Lenovo Notebooks: Flex 2 Pro 15 (Broadwell), Flex 2 Pro 15 (Haswell), Flex 3 1120, Flex 3 1470 / 1570, G40-80 / G50-80 / G50-80 Touch, S41-70 / U41-70, S435 / M40 -35-3000-40-80-3-11-3-14-41-70-51-70-70
Lenovo Desktop: A540, B740, B4030, H5030, H5035, H750, H3000, H3050, Horizon 5000 5050, Horizon 5055e, Horizon 2S, C27, C2, C500, C2,
X310 (A78), X315 (B85)
Lenovo Desktop (China): D3000, D5050, D5055, F5000, F5050, F5055, G5000, G5050, G5055, G5700, YT A7700k, YT A2620k, YT M5310n, YT M5790n, YT M7100n, YT M4005n, YT S4030, YT S4040
The solution
Lenovo has released BIOS updates for affected devices to disable the Lenovo service, and a tool that removes services and files on systems running Windows 7, Windows 8 and 8.1 and Windows 10.
The Removal Tool performs the following functions for the affected systems:
- Interrupts the LSE service
- Deletes all files installed by the LSE, which include:
C: \ windows \ system32 \ wpbbin.exe,
C: \ windows \ system32 \ LenovoUpdate.exe,
C: \ windows \ system32 \ LenovoCheck.exe
- Repairing autocheck files in Windows
- Disables the UEFI variable that enables LSE if the system is running Windows 8, 8.1, or 10 on mode UEFI
You can download the repair tools from its website Lenovo.