Lenovo laptops vulnerable to dangerous malware, Israeli company finds

Over 100 models of Lenovo computers were found to be vulnerable to harmful malware by an Israeli cybersecurity company.

 A Lenovo laptop computer is displayed with the Microsoft Windows 7 operating system at a computer store in Hong Kong November 5, 2009 (photo credit: REUTERS/BOBBY YIP)
A Lenovo laptop computer is displayed with the Microsoft Windows 7 operating system at a computer store in Hong Kong November 5, 2009
(photo credit: REUTERS/BOBBY YIP)

A firmware breach that exposes over 100 different models of Lenovo computers to harmful malware was found by Israeli cybersecurity company ESET, the company announced on Tuesday.

The breach can be traced to the Unified Extensible Firmware Interface (UEFI), according to ESET. UEFI is a critical component of a computer that contains the code required to link the operating system and the computer hardware.

ESET warned that Lenovo’s computers are vulnerable to dangerous malware such as LoJax and ESPecter.

When these programs infect the UEFI, it is able to survive not only a reinstallation of the computer’s operating system but also the replacement of a physical hard drive.

Through the UEFI breach, hackers are able to gain full control over the infected device and potentially compromise other devices on its network.

 A view shows a laptop display showing part of a code (credit: REUTERS/VALENTYN OGIRENKO) A view shows a laptop display showing part of a code (credit: REUTERS/VALENTYN OGIRENKO)

What will Lenovo do?

Lenovo, whose laptops reportedly topped the Israeli market in 2021, was informed of the breach by ESET back in October 2021.

“UEFI threats can easily escape detection and are extremely dangerous,” Martin Smolar, the ESET malware analyst who discovered the Lenovo breach, said. “They are activated at an early stage of the operating process, meaning they can bypass most cybersecurity tools available.”

ESEP has advised all those who own a Lenovo laptop to update their firmware as per Lenovo’s instructions, which were released shortly following ESET reported its findings.

Lenovo has not yet responded to The Jerusalem Post’s request for comment on the matter.