More than two dozen Lenovo notebook models are vulnerable to malicious hacks that disable the UEFI secure boot process and then run unsigned UEFI apps or load bootloaders that permanently backdoor a device, researchers warned on Wednesday.
At the same time that researchers from security firm ESET disclosed the vulnerabilities, the notebook maker released security updates for 25 models, including ThinkPads, Yoga Slims, and IdeaPads. Vulnerabilities that undermine the UEFI secure boot can be serious because they make it possible for attackers to install malicious firmware that survives multiple operating system reinstallations.
Not common, even rare
Short for Unified Extensible Firmware Interface, UEFI is the software that bridges a computer’s device firmware with its operating system. As the first piece of code to run when virtually any modern machine is turned on, it’s the first link in the security chain. Because the UEFI resides in a flash chip on the motherboard, infections are difficult to detect and remove. Typical measures such as wiping the hard drive and reinstalling the OS have no meaningful impact because the UEFI infection will simply reinfect the computer afterward.