Lenovo advised users to remove the preloaded “Lenovo Accelerator Application” tool after researchers from the firm Duo Security discovered it could be exploited to perform man-in-the-middle (MitM) style attacks.
The vulnerable application has an insecure update mechanism that an attacker with local network access can exploit remotely. It was installed on some consumer notebook and desktop systems preloaded with the Windows 10 operating system, according to Lenovo’s security advisory.
Customers should uninstall Lenovo Accelerator Application by going to the “Apps and Features” application in Windows 10, selecting Lenovo Accelerator Application and clicking on “Uninstall,” Lenovo said in the advisory.
If an attacker were to exploit the vulnerability, the application would think that an update is available, download that update, and start installing it with system privileges, Flexera Software Director of Research and Security Kasper Lingaard told SCMagazine.com via emailed comments.
Once this is done, the attacker can install whatever he or she wants, he said, adding that the vulnerability is due to the lack of encrypted traffic and the lack of security checks on the authenticity of the update.
“Traffic should be encrypted and updates should be signed,” he said. “And you could always argue if updates really should be fetched and installed automatically when no proper security checks are implemented.”
Lingaard said the vulnerability is easy to exploit and that he couldn’t think of a reason why researchers had missed it in the preinstalled application.
“It would be very hard to argue it as being a simple oversight, so ignorance would likely be the best word to describe it,” he said, referring to the vulnerability.
This isn’t the first time Lenovo has been in hot water over problems with software preinstalled on its products.
Last year, Lenovo was called out for shipping laptops with the “Superfish” adware preinstalled, which led to Facebook probing the larger issue of SSL-sniffing adware.