Lenovo - if it's on your network, you ARE breached.
-
@donaldlandru said in Lenovo - if it's on your network, you ARE breached.:
@scottalanmiller I will review your links; however, I think the overall point was missed here.
My point is not Lenovo is safe, my point is there are other companies doing the same or similar shady practices and yet they are being marked as safe.
No, this is missing the point. The point is that no one but Lenovo has ever done stuff like this. No one. If you think that there is any other company that you can use as a "see they did this too" then you've missed what has happened. We aren't talking about safe, we are talking about malicious. HPE and Dell are not your enemies, nor are they completely safe. But Lenovo is the actual enemy.
I'm extremely aware of the overall point here and am trying to show why you are missing how this all comes together. Travis wasn't pointing out that Lenovo made mistakes like all companies do, that's something you brought to the discussion. He (and we) are talking about the things that only Lenovo has done that are unlike anything seen in the industry before.
Lenovo is completely unique here. Any attempt to compare to another company, unless you have security examples none of us have ever heard of, means you are missing the discussion and are talking about something different.
-
@scottalanmiller said in Lenovo - if it's on your network, you ARE breached.:
They've reduced their customer base only to those that value price over security of their organizations at a pretty extreme level
This is what's bizarre to me. Even if you price Lenovo side-by-side and spec-for-spec, they are rarely cheaper than their competition. Sometimes they are, but mostly they are within a few hundred dollars.
-
@Dashrender said in Lenovo - if it's on your network, you ARE breached.:
@scottalanmiller said in Lenovo - if it's on your network, you ARE breached.:
And the big one, other than Superfish, Lenovo adding rootkits to the hardware in order to deploy malware onto their boxes against the wishes or knowledge of users:
I'm pretty sure this particular one is an overstatement by Scott. As far as I know no malware was discovered in this (I'll agree with this term) hardware rootkit. Could it be used this way, absolutely, but I'm currently unaware or not remembering actual malware deployed through this.
Junkware on the other hand - sure. Lenovo's own crapware to help them deploy their own drivers, etc. This was after the SF issue, so again, it's not known if actual malware was distributed this way.
Anything delivered by this method would be malware. It's a hijack of your system. Unwanted software deployed to your system like this is malware, period.
I think if you are getting quotes and in different markets they are sometimes super cheap.
-
@scottalanmiller said in Lenovo - if it's on your network, you ARE breached.:
@dashrender said in Lenovo - if it's on your network, you ARE breached.:
Junkware on the other hand - sure. Lenovo's own crapware to help them deploy their own drivers, etc. This was after the SF issue, so again, it's not known if actual malware was distributed this way.
That's malware. Plain and simple. When deployed via a rootkit. And more importantly, there was a rootkit!!
Is it a windows rootkit? Or is it using built in tech by MS and BIOS/UEFI makers as a deployment method?
-
@dashrender said in Lenovo - if it's on your network, you ARE breached.:
@scottalanmiller said in Lenovo - if it's on your network, you ARE breached.:
@dashrender said in Lenovo - if it's on your network, you ARE breached.:
Junkware on the other hand - sure. Lenovo's own crapware to help them deploy their own drivers, etc. This was after the SF issue, so again, it's not known if actual malware was distributed this way.
That's malware. Plain and simple. When deployed via a rootkit. And more importantly, there was a rootkit!!
Is it a windows rootkit? Or is it using built in tech by MS and BIOS/UEFI makers as a deployment method?
It's an MS-encouraged UEFI rootkit. The rootkit was in firmware. It was only activated against Windows before getting caught. Linux would have been rooted the same though.
-
It's important to understand that Lenovo tried this rootkit deployment while under extreme scrutiny after being caught with Superfish and is believed to have still been in a proof-of-concept phase of the attack, without the real payloads having had a chance to be deployed yet.
It's like catching the crooks having broken into your house before they started carrying stuff out and you have to guess whether they were just stealing some food or everything that you owned. But they had already broken in, twice.
-
@scottalanmiller said in Lenovo - if it's on your network, you ARE breached.:
@dashrender said in Lenovo - if it's on your network, you ARE breached.:
@scottalanmiller said in Lenovo - if it's on your network, you ARE breached.:
@dashrender said in Lenovo - if it's on your network, you ARE breached.:
Junkware on the other hand - sure. Lenovo's own crapware to help them deploy their own drivers, etc. This was after the SF issue, so again, it's not known if actual malware was distributed this way.
That's malware. Plain and simple. When deployed via a rootkit. And more importantly, there was a rootkit!!
Is it a windows rootkit? Or is it using built in tech by MS and BIOS/UEFI makers as a deployment method?
It's an MS-encouraged UEFI rootkit. The rootkit was in firmware. It was only activated against Windows before getting caught. Linux would have been rooted the same though.
Should it have? MS specifically has hooks for working with these BIOS/UEFI hooks, do any Linux distros do this?
Unless you're saying it was taking advantage of a security flaw in Windows and Linux that isn't/can't be patched?
-
Let's break the topic of SMM out on its own and I'll participate as I'm able.
-
@dashrender said in Lenovo - if it's on your network, you ARE breached.:
@scottalanmiller said in Lenovo - if it's on your network, you ARE breached.:
@dashrender said in Lenovo - if it's on your network, you ARE breached.:
@scottalanmiller said in Lenovo - if it's on your network, you ARE breached.:
@dashrender said in Lenovo - if it's on your network, you ARE breached.:
Junkware on the other hand - sure. Lenovo's own crapware to help them deploy their own drivers, etc. This was after the SF issue, so again, it's not known if actual malware was distributed this way.
That's malware. Plain and simple. When deployed via a rootkit. And more importantly, there was a rootkit!!
Is it a windows rootkit? Or is it using built in tech by MS and BIOS/UEFI makers as a deployment method?
It's an MS-encouraged UEFI rootkit. The rootkit was in firmware. It was only activated against Windows before getting caught. Linux would have been rooted the same though.
Should it have? MS specifically has hooks for working with these BIOS/UEFI hooks, do any Linux distros do this?
Unless you're saying it was taking advantage of a security flaw in Windows and Linux that isn't/can't be patched?
AFAIK this particular exploit, being on the firmware, could make changes to any OS sitting on top of it, similar to getting a rootkit on your hypervisor would do. Windows hooks would help make that easier, but I don't believe that it is required to make it possible.
-
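The firmware-to-Windows hand-off that the posts above argue over is the Windows Platform Binary Table (WPBT): an ACPI table the firmware publishes and Windows reads at boot, extracting and running the native executable it points to. Because the table lives in ACPI memory rather than inside any OS, it can be checked for from Linux as well as Windows. The script below is an added example and is not code from this thread or from any vendor; it decodes a WPBT table per Microsoft's published layout, validates the ACPI checksum, and reports the hand-off address, content type and command line. The sample table bytes, the OEM strings, the addresses and the "/silent" command line are constructed here for illustration and do not describe any real firmware.

```python
"""Decode a Windows Platform Binary Table (WPBT) ACPI table.

Layout per Microsoft's WPBT specification:
  36-byte standard ACPI table header, then
  u32 hand-off memory size, u64 hand-off physical address,
  u8 content layout (1 = PE image), u8 content type (1 = native app),
  u16 command-line length in bytes, UTF-16LE command line.
"""
import os
import struct

# sig, length, revision, checksum, OEM ID, OEM table ID, OEM rev, creator ID, creator rev
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")
# hand-off size, hand-off address, layout, content type, command-line length
WPBT_BODY = struct.Struct("<IQBBH")
# Where Linux exposes the raw table if the firmware publishes one
WPBT_SYSFS = "/sys/firmware/acpi/tables/WPBT"


def acpi_checksum_ok(table: bytes) -> bool:
    """All bytes of an ACPI table, checksum field included, must sum to 0 mod 256."""
    return sum(table) % 256 == 0


def parse_wpbt(table: bytes) -> dict:
    """Decode a raw WPBT table into its fields; raises ValueError on malformed input."""
    if len(table) < ACPI_HEADER.size + WPBT_BODY.size:
        raise ValueError("table shorter than WPBT header")
    sig, length, rev, _cksum, oem_id, oem_tid, _oem_rev, _creator, _crev = \
        ACPI_HEADER.unpack_from(table, 0)
    if sig != b"WPBT":
        raise ValueError("not a WPBT table: %r" % sig)
    if length != len(table):
        raise ValueError("ACPI length field %d != %d bytes read" % (length, len(table)))
    if not acpi_checksum_ok(table):
        raise ValueError("ACPI checksum mismatch")
    handoff_size, handoff_addr, layout, ctype, cmd_len = \
        WPBT_BODY.unpack_from(table, ACPI_HEADER.size)
    cmd_start = ACPI_HEADER.size + WPBT_BODY.size
    if cmd_start + cmd_len > len(table):
        raise ValueError("command line runs past end of table")
    cmdline = table[cmd_start:cmd_start + cmd_len].decode("utf-16-le").rstrip("\x00")
    return {
        "oem_id": oem_id.decode("ascii", "replace").strip(),
        "oem_table_id": oem_tid.decode("ascii", "replace").strip(),
        "revision": rev,
        "handoff_size": handoff_size,
        "handoff_addr": handoff_addr,
        "layout": layout,        # 1 == PE image
        "content_type": ctype,   # 1 == native user-mode application
        "cmdline": cmdline,
    }


def check_host(path: str = WPBT_SYSFS):
    """Return the decoded table if this machine's firmware publishes a WPBT, else None."""
    if not os.path.exists(path):
        return None
    with open(path, "rb") as fh:
        return parse_wpbt(fh.read())


def build_sample_wpbt(oem_id: bytes = b"EXAMPL", cmdline: str = "/silent") -> bytes:
    """Constructed sample table for offline testing. OEM strings, addresses and the
    command line are made up and do not describe any real vendor's firmware."""
    cmd = cmdline.encode("utf-16-le") + b"\x00\x00"  # null-terminated; length includes terminator
    body = WPBT_BODY.pack(0x4000, 0x7FF00000, 1, 1, len(cmd)) + cmd
    length = ACPI_HEADER.size + len(body)
    header = ACPI_HEADER.pack(b"WPBT", length, 1, 0, oem_id, b"SAMPLE  ", 1, b"PTL ", 1)
    table = bytearray(header + body)
    table[9] = (-sum(table)) % 256  # checksum byte sits at offset 9 of the ACPI header
    return bytes(table)


if __name__ == "__main__":
    found = check_host()
    if found is None:
        print("no WPBT exposed by firmware on this host; decoding the constructed sample instead")
        found = parse_wpbt(build_sample_wpbt())
    for key, value in found.items():
        print("%-14s %s" % (key, hex(value) if key == "handoff_addr" else value))
```

On Linux, `check_host()` reads the table from sysfs; the file simply not existing is the expected result on hardware that ships no such table. On Windows, the same table is what the OS extracts to %SystemRoot%\System32\wpbbin.exe and executes early in boot, which is why a firmware component can land code in a fresh Windows install without exploiting any OS bug. Microsoft documents the DisableWpbtExecution DWORD (set to 1) under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager as the supported opt-out; on a managed fleet it is worth setting regardless of vendor.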
@dashrender said in Lenovo - if it's on your network, you ARE breached.:
Let's break the topic of SMM out on its own and I'll participate as I'm able.
Maybe make a new one.
-
@dashrender said in Lenovo - if it's on your network, you ARE breached.:
Let's break the topic of SMM out on its own and I'll participate as I'm able.
This is why I felt we needed a thread dedicated to just how bad Lenovo actually is. While many threads preceded it, more will follow!
-
@travisdh1 said in Lenovo - if it's on your network, you ARE breached.:
@dashrender said in Lenovo - if it's on your network, you ARE breached.:
Let's break the topic of SMM out on its own and I'll participate as I'm able.
This is why I felt we needed a thread dedicated to just how bad Lenovo actually is. While many threads preceded it, more will follow!
Right, and it needs to be collected because, as we've seen already, later breaches often cover up earlier ones.
-
Sure, but the SMM issue is really outside of Lenovo because all PC makers can use it.
-
@dashrender said in Lenovo - if it's on your network, you ARE breached.:
Sure, but the SMM issue is really outside of Lenovo because all PC makers can use it.
Can use it and do use it are different issues, but both are important as well.
-
@scottalanmiller said in Lenovo - if it's on your network, you ARE breached.:
@dashrender said in Lenovo - if it's on your network, you ARE breached.:
Sure, but the SMM issue is really outside of Lenovo because all PC makers can use it.
Can use it and do use it are different issues, but both are important as well.
Many do use it to deploy Computrace as previously mentioned.
-
@scottalanmiller said in Lenovo - if it's on your network, you ARE breached.:
@dashrender said in Lenovo - if it's on your network, you ARE breached.:
@scottalanmiller said in Lenovo - if it's on your network, you ARE breached.:
@dashrender said in Lenovo - if it's on your network, you ARE breached.:
@scottalanmiller said in Lenovo - if it's on your network, you ARE breached.:
@dashrender said in Lenovo - if it's on your network, you ARE breached.:
Junkware on the other hand - sure. Lenovo's own crapware to help them deploy their own drivers, etc. This was after the SF issue, so again, it's not known if actual malware was distributed this way.
That's malware. Plain and simple. When deployed via a rootkit. And more importantly, there was a rootkit!!
Is it a windows rootkit? Or is it using built in tech by MS and BIOS/UEFI makers as a deployment method?
It's an MS-encouraged UEFI rootkit. The rootkit was in firmware. It was only activated against Windows before getting caught. Linux would have been rooted the same though.
Should it have? MS specifically has hooks for working with these BIOS/UEFI hooks, do any Linux distros do this?
Unless you're saying it was taking advantage of a security flaw in Windows and Linux that isn't/can't be patched?
AFAIK this particular exploit, being on the firmware, could make changes to any OS sitting on top of it, similar to getting a rootkit on your hypervisor would do. Windows hooks would help make that easier, but I don't believe that it is required to make it possible.
That's just it though - this is NOT an exploit. This is a system design, a design specifically in the BIOS/UEFI.
-
@dashrender said in Lenovo - if it's on your network, you ARE breached.:
@scottalanmiller said in Lenovo - if it's on your network, you ARE breached.:
@dashrender said in Lenovo - if it's on your network, you ARE breached.:
@scottalanmiller said in Lenovo - if it's on your network, you ARE breached.:
@dashrender said in Lenovo - if it's on your network, you ARE breached.:
@scottalanmiller said in Lenovo - if it's on your network, you ARE breached.:
@dashrender said in Lenovo - if it's on your network, you ARE breached.:
Junkware on the other hand - sure. Lenovo's own crapware to help them deploy their own drivers, etc. This was after the SF issue, so again, it's not known if actual malware was distributed this way.
That's malware. Plain and simple. When deployed via a rootkit. And more importantly, there was a rootkit!!
Is it a windows rootkit? Or is it using built in tech by MS and BIOS/UEFI makers as a deployment method?
It's an MS-encouraged UEFI rootkit. The rootkit was in firmware. It was only activated against Windows before getting caught. Linux would have been rooted the same though.
Should it have? MS specifically has hooks for working with these BIOS/UEFI hooks, do any Linux distros do this?
Unless you're saying it was taking advantage of a security flaw in Windows and Linux that isn't/can't be patched?
AFAIK this particular exploit, being on the firmware, could make changes to any OS sitting on top of it, similar to getting a rootkit on your hypervisor would do. Windows hooks would help make that easier, but I don't believe that it is required to make it possible.
That's just it though - this is NOT an exploit. This is a system design, a design specifically in the BIOS/UEFI.
Obviously that the system is designed that way has no bearing on it being an exploit.
-
@dashrender said in Lenovo - if it's on your network, you ARE breached.:
@scottalanmiller said in Lenovo - if it's on your network, you ARE breached.:
@dashrender said in Lenovo - if it's on your network, you ARE breached.:
Sure, but the SMM issue is really outside of Lenovo because all PC makers can use it.
Can use it and do use it are different issues, but both are important as well.
Many do use it to deploy Computrace as previously mentioned.
Right, as an exploit as is very clear. All kinds of well intentioned software can be exploited by bad actors. In fact, at the base of it, all code is based on chips and languages that were intended for good but exploited for other purposes.
https://threatpost.com/millions-of-pcs-affected-by-mysterious-computrace-backdoor-2/107700/
-
@scottalanmiller said in Lenovo - if it's on your network, you ARE breached.:
@dashrender said in Lenovo - if it's on your network, you ARE breached.:
@scottalanmiller said in Lenovo - if it's on your network, you ARE breached.:
@dashrender said in Lenovo - if it's on your network, you ARE breached.:
Sure, but the SMM issue is really outside of Lenovo because all PC makers can use it.
Can use it and do use it are different issues, but both are important as well.
Many do use it to deploy Computrace as previously mentioned.
Right, as an exploit as is very clear. All kinds of well intentioned software can be exploited by bad actors. In fact, at the base of it, all code is based on chips and languages that were intended for good but exploited for other purposes.
https://threatpost.com/millions-of-pcs-affected-by-mysterious-computrace-backdoor-2/107700/
Wow, I hadn't heard that before, thanks.
-
Finally got a blog post up on this.