Data Recovery Digest

Laptop users are no strangers to malicious software. This is especially true for mobile users who regularly switch between public and private Wi-Fi networks, as they’re usually exposed to even more threats than those who user their devices solely at home or in secured environments. Regardless, most malware is easily removable via modern anti-malware tools.

Except in the case of a recent, virulent strain of malicious software that specifically affects Lenovo-branded laptops. In this case, becoming infected with the malware – which cannot be removed through ordinary means – could render your entire laptop completely useless. In some situations, the malware might even go completely unnoticed by the user.

While Lenovo has since released comprehensive security updates for more than 100 different laptops released under their brand, the updates are of little use to those who have already had their systems corrupted.

Examining the Issue

The issue comes down to a series of vulnerabilities that affect more than one million laptops. Targeting the computer’s Unified Extensible Firmware Interface, or UEFI, this system is absolutely critical to regular system operation.

If left un-patched, these laptops are susceptible to a multitude of malicious actions, ultimately giving a hacker unrestricted access to the UEFI secure boot interface, system BIOS, and more. Moreover, hackers can use malicious software to access the system’s protected range register, a key component of the serial peripheral interface (SPI), which makes it impossible to make any unauthorized changes to the laptop’s firmware.

Without a secure SPI, hackers are capable of rendering an entire laptop unbootable and inaccessible. In more extreme cases, these vulnerabilities could be exploited by spies for the purpose of digital espionage and advanced cyber warfare.

If there is a silver lining to this situation, it comes in the fact that all of these recent vulnerabilities require local system access. This means that a hacker must have prior control over your laptop, which would have been gained through other nefarious means. While these vulnerabilities won’t serve as a point-of-entry into your device, they can be heavily exploited if a hacker already has control.

Growing More Common

Unfortunately, these vulnerabilities and attacks – specifically ones targeting a system’s SPI – are growing in severity and frequency. In 2020, a malicious program known as Trickbot made headlines by providing hackers with similar tools.

While there are only a few other known examples of UEFI malware, the fact that more than one million laptops are now at risk only shows how rapidly hacking technology has advanced in recent years. As their tools grow even more sophisticated, and as their tactics are further refined, we can expect to see more attacks like SPI code injections and UEFI-oriented malware.

Lenovo has published a comprehensive list of the affected models on their official site, which {{https://support.lenovo.com/us/en/product_security/LEN-73440#Lenovo%20Notebook|can be found here}}. It contained many different laptops models and styles, including the IdeaPad 3, Legion 5, Legion 7, Legion S7, Slim 7, Slim 9, V14, V140, V15, V17, V340, Yoga, Yoga 7, Yoga Slim 7, and more.