Lenovo Accelerator Vulnerable to Man in the Middle Attack
As if the previous security woes with SuperFish and “Solution Center“, weren’t enough for Lenovo, now they are advising users of their “Lenovo Accelerator” application to remove it immediately.
The software comes pre-loaded on dozens of models, including the Yoga series, which is their most popular line of consumer PCs. The problem Lenovo is combating with their Accelerator Application is self inflicted. Their machines, as well as other manufacturers, come with pre-loaded software that are supposed to do any number of hand-holding functions for their users, such as automatically updating device drivers and other pre-bundled software. This usually slows the computer down. The solution? INSTALL MORE SOFTWARE TO MAKE THE SOFTWARE LOAD FASTER!
Dell, HP, Acer, ASUS, and okay, okay, pretty much every other major PC manufacturer are guilty of the same, and generally these applications are highly insecure, as evidenced by a recent study by Duo Labs.
Turns out we couldn’t find any OEM laptops that _didn’t_ have remote code execution: https://t.co/xLFwhYuprX
— Jon Oberheide (@jonoberheide) May 31, 2016
It is important to note that this does not affect ThinkPad or ThinkStation computers, which are the lines targeted at business users.
Let’s all take a minute to recite one of the unwritten rules of purchasing a PC: “Unbox. Format. Install the base OS.”
Or you can take it another step further and use a Free, Open Source (FOSS) operating system from the get-go, but that’s not always the right fit for everyone, either, no matter how much my inner nerd wants it to be. Sometimes you simply need to use Windows for certain tasks, at least for now.