Lenovo Caught Installing Immortal Crapware

Category: Laptops , Software

Lenovo has again been caught playing fast and loose with customers’ privacy and security. First, it was Superfish. Now, it's vulnerable crapware that won't go away, even if you reformat or replace your hard drive. Read on for the full story...

Lenovo Strikes (out) Again

In February of this year, I described how computer maker Lenovo was shipping laptops with adware that puts all of your Web browsing sessions at risk of hacking. Just as the furor over Superfish died down, Lenovo has been caught doing something even more egregious.

In 2011, Microsoft added a feature to Windows called Windows Platform Binary Table (WPBT). It allows computer vendors like Lenovo to store software in a PC’s firmware and inject it into the Windows system files upon startup. Such software is practically undetectable and “immortal.”

Reformatting or even replacing a hard drive will have no effect on software stored in firmware. In addition, software stored in firmware cannot be detected by ordinary anti-malware programs.
Lenovo Crapware

That's because firmware resides on a chip on the computer's motherboard, and not the hard drive. It cannot be erased without flashing the firmware ROM, an operation normally done only to update the system BIOS.

WPBT is intended to make computers more secure. Computer makers have the ability to embed security and license-verification software in firmware, where it cannot be erased by a virus or software pirate. But Lenovo went a step further than Microsoft intended.

Resistance is Futile

The Lenovo Service Engine (LSE) utility, which is built on the WPBT platform, was embedded in the firmware of desktops and laptops manufactured between October 23, 2014, and April 10, 2015. LSE behaves differently on Lenovo laptops than it does on desktops.

Upon startup of a laptop, LSE copies two files to the Windows\system32 folder if they don’t already exist. These files, LenovoUpdate.exe and LenovoCheck.exe, connect to the Internet upon system startup to download drivers, a “system optimization” utility, and whatever else Lenovo wants to plant on your machine.

There’s nothing you can do to stop these installations, and if you remove the unwanted files, they reappear the next time you restart your laptop.

LSE also gathers some information about the machine that Windows is installed on, including its unique identifying number, and sends that data to Lenovo. This sneaky data collection executes only the first time a machine connects to the Internet, and contains nothing about the user. But it’s still sneaky, and high-handed because it cannot be stopped by the owner of the machine. This operation occurs on both laptops and desktops.

LSE does not install additional software on desktops. Only the data collection function happens there. But laptops are definitely vulnerable to this “immortal” Lenovo crapware.

Adding Injury to Insult

Making matters worse, a buffer-overflow vulnerability in LSE was recently discovered by security researcher Roel Schouwenberg, who worked for Kaspersky Labs until February, 2015. This flaw allows an attacker to gain administrator-level privileges on any computer that bears LSE, desktop or laptop.

There is no excuse for buffer-overflow flaws existing in any modern software. This class of software flaws is one of the oldest and most obvious vulnerabilities, one of the first things for which hackers and security researchers check. Lenovo should have tested for buffer-overflow flaws before releasing LSE. Not doing so is as negligent as shipping cars with loose tire lug nuts.

Not all Lenovo products have the LSE vulnerability. In particular, “Think” branded Lenovo products do not bear LSE. A list of all affected desktop and laptop models can be perused here.

Lenovo very quietly discontinued LSE in April, and released two utilities that will uninstall LSE from machines that bear it. But as far as I can tell, it was not automatically pushed out to customers. So it's up to you to apply the fix. The procedure for Lenovo laptops is described here. The fix for Lenovo desktops can be downloaded here.

Microsoft reportedly censured Lenovo for failing to adhere to Microsoft’s guidelines regarding apps developed using WPBT. Microsoft has tightened those requirements and decertified LSE. WPBT has legitimate uses, but poisoning firmware with hackable “immortal” crapware is not one of them.

I don't think there was any malicious intent here on Lenovo's part. But they were inexcusably sloppy. Can Lenovo be trusted again? Your thoughts on this topic are welcome. Post your comment or question below...

 
Ask Your Computer or Internet Question

 
  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 21 Aug 2015


For Fun: Buy Bob a Snickers.

Prev Article:
Microsoft Edge Needs Sharpening

The Top Twenty
Next Article:
Should You Get a Laplet?

Most recent comments on "Lenovo Caught Installing Immortal Crapware"

(See all 54 comments for this article.)

Posted by:

OldGeezerTech
24 Aug 2015

When I had my computer store I sold a ton of IBM ThinkPad laptops. Built like tanks and very reliable. Killer to work on cuz they were so solidly built. Then Lenovo bought the lappy stuff from IBM and for a while they kept up with IBM's standards. Then they started to slip with more bloat-ware and and less than stellar hardware. Buffer-overflow ... I haven't seen that since my first Z80 comp running CP/M.


Posted by:

JayJayKay
26 Aug 2015

I've got my G550 in 2009, Win7, still the IBM quality, and love it. I am glad I was not thinking of buying a 'modern' one!


Posted by:

Ivan White
27 Aug 2015

I bought a Lenovo all in one about a year ago, had it a month and nothing but trouble with it all the time. It was a mess and software that kept crashing etc. I sent it back to new egg and told them to dump Lenovo, they are junk, being a computer technician retired, I know just when I see it, beautiful looking machine, but they just did not work right, so back it went and I will not buy another Lenovo anything and even today they still are junk...


Posted by:

Dan
28 Aug 2015

"Can you imagine what will happen if someone can flash the BIOS remotely?"

Now there's a question! (I recall the time when it was thought that remotely accessing a machine's camera was impossible—and look what happened.)

It that even theoretically possible?


Posted by:

Dave
29 Aug 2015

1. Boycott Lenovo.
2. If you do, simply re-flash the firmware.
3. Erm, perhaps just run Linux...?


Posted by:

DekC
29 Aug 2015

Very informative article and interesting. It seems more and more suppliers are embedding adware and unwanted junk in items you want and make it difficult to get rid of it. Sad we have come to this.


Posted by:

Theo
29 Aug 2015

Yes it seems Leveno cant help themselves, but you cant trust any of them now, I have worked in the computer industry for 40 yrs retired now, I have seen apple and Microsoft develop from basic computing starting 8088 processor, through to windows 3.0 to 6.0, 98 XP, home and 7, 8 etc. Thinking back now I recall how a fresh computer installed with application software, word processor, etc would work quickly and without issues, however various upgrades and patches offered by Microsoft would be installed with the inevitable slowdown of the system bit by bit until the owner says enough and upgrades to a more powerful new computer with the promise of faster operations , them the process starts all over again on and on. That's their marketing technique.
Ask yourself what do you really need in computer.
You certainly don't need all the crap-ware, spy routines embedded in the processor chip, (even in the late 90's Microsoft could interrogate the unique serial numbers of the processor chip identifying the owner) unnecessary routines and loops to slow down your system


Posted by:

Gary Aminoff
30 Aug 2015

I have been usingThinkPad laptops for many years. I had a T30 when it was still IBM, then bought a T43 in 2006 which lasted me until this year when I bought a new W541 which I am very happy with. I LOVE Lenovo laptops. My new machine is great and super fast. I have only good things to say about ThinkPad laptops, and not very concerned about security issues.


Posted by:

personperson
30 Aug 2015

I have to wonder if it even checks a hash of the file or compares file size at boot, if not you could just make a copy of notepad.exe or something to that extent and rename it to the LSE filename.
Yeah, notepad would open every time you start your pc, but whatevzies.


Posted by:

Swampie
30 Aug 2015

Same reason US govt/US military won't buy them (and I hope still holds true): untrustworthy and secret files in firmware/ motherboard.

Was Hillary's server a Leno?


Posted by:

Samoyed
30 Aug 2015

This is a computer company issue but make no mistake...this is a national security issue. The Chinese have tried to undermine the USA with contaminated foods, hacking, spies, stealing commercial and military data, selling fake products and pirating almost 100% of American software. I won't but their crap:)


Posted by:

jhmotjr
30 Aug 2015

The fact that Lenovo has committed TWO of the most serious infractions is completely inexcusable. I hope some government agency levies a hefty fine against them and/or a class action lawsuit is waged to send a clear message that such activity will never be tolerated! Sarcastically speaking, I'm sure that the FBI, CIA and NSA have known about Windows Platform Binary Table (WPBT) for some time and are in love with the feature.


Posted by:

Ed
30 Aug 2015

Bob,
Thank you for your information on Lenovo.
I will never buy a Lenovo product and I will tell everyone I know not to buy Lenovo products because of their lack of integrity and respect for the rights of consumers.
By the way, "sloppiness" is no excuse for egregious and malicious issues. These tech experts know exactly what they are doing. We consumers at not stupid.
Keep sending us your excellent information !!!


Posted by:

Bubba Bubinksky
31 Aug 2015

Hey, if our NSA can do it, I guess the Chinese can, too!

Turnabout is fair play. And I'm sure the Chinese Government loves having an easier way into our computers.


Posted by:

Ryan James
01 Sep 2015

While Lenovo has undertaken very questionable business ethics, it should be kept in mind constantly, ANY information about your computer is marketable. From just what make and model you bought to person specific info there are a lot of operations out there, some very legitimate, that will buy it and make a profit from it. I reiterate, ANY information.

What do I mean by any? Your credit card info, of course. Your address and phone number, of course. Web browsing statistics and interests, natch. How about, time spent on line? The make of your car? The number of users on your computer? Your childrens names? Tylenol or Paracetomol? Have an allergy to a food? Own a house or rent it?

Marketing analysis and profiling can make millionaires overnight, simply by finding the data companies want in the form they prefer. Billions of what seem like irrelevant bits of information are gleaned every day and their best possible source, your computer. Either through invasive software, negligence on your part, or simply being complacent.

Know your computer. Lock it down. Keep it up to date. Never fully trust any software company. And especially, NEVER EVER hand your computer over to some company for repair without locking down every possible thing you can.


Posted by:

Ken Volz
02 Sep 2015

Just a short note. Do not buy a Lenovo. That is the only thing that will teach them to pursue other business opportunities. OUT OF BUSINESS usually get the attention of the shareholders if there are any besides the Chinese Gov't.


Posted by:

Benjamin
02 Sep 2015

I was just looking at a Lenovo yesterday and was seriously considering buying it. Your article takes care of that. Thanks.


Posted by:

SkeeterVT
14 Sep 2015

Has anybody considered the fact that Lenovo, being a Chinese company, may have this aggressive "crapware" installed on its machines by order of the Chinese government?


Posted by:

ian
23 Sep 2015

When IBM sold Lenovo to the Middle Kingdom, I made a mental note to myself then.
Following the 2 instances of extremely dubious practices now exposed, I suppose I can now reasonably conclude that I was certainly not paranoid. Why am I not surprised?


Posted by:

rocketride
12 Sep 2017

@ SkeeterVT

I'd just about bet my own money that this is all at the behest of the 'Butchers of Beijing'.


There's more reader feedback... See all 54 comments for this article.

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.


Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy     RSS/XML


Article information: AskBobRankin -- Lenovo Caught Installing Immortal Crapware (Posted: 21 Aug 2015)
Source: https://askbobrankin.com/lenovo_caught_installing_immortal_crapware.html
Copyright © 2005 - Bob Rankin - All Rights Reserved