News
News Categories

After Superfish, Lenovo installs hidden software on Windows machines again

By Alvin Soon - on 13 Aug 2015, 5:50pm

After Superfish, Lenovo installs hidden software on Windows machines again

Oops, Lenovo does it again.

Earlier this year, Lenovo was caught installing adware Superfish on their consumer PCs. The adware was supposed to help users with better online search results, but what it actually did was hijack users' search info, and injected ads from third-party partners into the search results.

Because Superfish had the ability to intercept and hijack users' internet activities, it compromised users' security. Robert Graham of Errata Security found that Superfish used a single, easily cracked password for all systems (!), and he could easily intercept encrypted communication from Superfish-infected PCs sharing a Wi-Fi hotspot. 

Connecticut Attorney General George Jepsen's office launched an investigation, the U.S. government said that Superfish leaves users vulnerable to cyber attacks, and Lenovo was slammed by security experts. Lenovo promised to "significantly reduce preloaded applications."

Lesson learned - wait, what? Lenovo has just been caught - again - installing rootkits on new PCs. The software, called the Lenovo Service Engine (LSE), downloads a program called OneKey Optimiser used for "enhancing PC performance by updating firmware, drivers and pre-installed apps" as well as "scanning junk files and find factors that influence system performance."

Sounds good, right? The problem is that this software is difficult to remove, it persists even in between completely clean installs of Windows. The service also sends "system data to a Lenovo server to help us understand how customers use our products" which the company says is not "personally identifiable information."

Users are not explicitly told about the existence of LSE, and how many people would expect a piece of software to survive a complete wipe and clean install of Windows?

The bigger problem is that LSE can put users at risk. In a July 31 security bulletin, Lenovo warned that LSE could be exploited by hackers to install malware. A patch has been issued, but the user must install the patch manually.

A wide range of Lenovo laptops are affected, including Yoga and Flex machines running Windows 7, 8 and 8.1. Lenovo has a full list of affected devices. If you have a relatively new Lenovo computer, check that list! If your device is on the list, we highly recommend you use Lenovo's utility to remove LSE.

Lenovo says that business computers, like Think-branded PCs, are not affected, and that LSE has been removed from newly manufactured systems.

Sources: ZDNet, The Next Web.

Join HWZ's Telegram channel here and catch all the latest tech news!
Our articles may contain affiliate links. If you buy through these links, we may earn a small commission.