Critical Flaws Found in Laptops From Several Major Manufacturers: Report

Highlights
  • The researchers investigated 10 laptops from popular OEMs.
  • Software update tools on laptops contained at least one critical flaw.
  • HP, Dell, and Lenovo have already released fixes for vulnerabilities.

Duo Labs, the research team at Duo Security, has discovered new security vulnerabilities in the software update tools preloaded on laptops from several popular brands. In its newly published study, 'Out-of-Box Exploitation: A Security Analysis of OEM Updaters', Duo Labs found that laptops from HP, Dell, Acer, Asus, and Lenovo carried security vulnerabilities right out of the box that, if exploited, could allow attackers to take over the system in just 10 minutes.

The research team noted, "Every OEM we looked at included one (or more) [vulnerabilities] with their default configuration." The team found 12 different software vulnerabilities in the software update tools that come preloaded on laptops from HP, Dell, Acer, Asus, and Lenovo.

The researchers investigated the Lenovo Flex 3, HP Envy, HP Stream x360 (Microsoft Signature Edition), HP Stream (UK version), Lenovo G50-80 (UK version), Acer Aspire F15 (UK version), Dell Inspiron 14 (Canada version), Dell Inspiron 15-5548 (Microsoft Signature Edition), Asus TP200S, and Asus TP200S (Microsoft Signature Edition).

Steve Manzuik, Duo Security's Director of Security Research, explained to IBTimes UK, "Short of explicitly disabling updaters and removing Original Equipment Manufacturer [OEM] components altogether, the end user can do very little to protect themselves from the vulnerabilities created by OEM update components. In general you have to be a tech person to understand there's a problem and then know how to fix it. You have to know to go to the manufacturer's website and know how to download and install the software. We knew these laptops were being bought by people who aren't tech people."

Talking about the five OEMs, Manzuik said that Acer and Asus were the "worst." Manzuik said, "With Asus, there were two different vulnerabilities. This one had code execution that was quite obvious and easy to exploit - it literally took less than 10 minutes to attack the system using that vulnerability."

Duo Labs also suggested some steps users can take to protect themselves from preloaded software vulnerabilities, including wiping any OEM system and reinstalling a clean, bloatware-free copy of Windows before the system is used. The research team also suggests identifying any unnecessary software and disabling or uninstalling it.

"Dell, HP and Lenovo vendors (in specific cases) appeared to perform more security due diligence when compared to Acer and Asus," added the study.

Soon after Duo Labs reached out to the OEMs, many of them released fixes for the vulnerabilities. According to the research team, HP, Dell, and Lenovo have released fixes. Acer and Asus acknowledged the vulnerabilities and will soon release a fix.

This is not the first time popular laptop OEMs have been found shipping vulnerable preloaded software. Previous cases include the Superfish fiasco, where Lenovo was caught installing adware on many of its PCs, and eDellRoot, where Dell was reported to be shipping its systems with a self-signed digital certificate that hackers could exploit, leaving the system vulnerable to man-in-the-middle attacks.

Ketan Pratap
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.