These big-name laptops are infested with security bugs – study

frogboy

In memoriam 1961-2018
Jun 9, 2013
Bloatware creates easy pwnage


Computers from many of the biggest PC makers are riddled with easy-to-exploit vulnerabilities in pre-loaded software, security researchers warn.

The research from Duo Security shows that bloatware is not just a nuisance that causes a lag in system boot-up, but a security risk. Laptops from Acer, Asus, Dell, HP and Lenovo all have at least one security vulnerability that can lead to a full system compromise. Most of the vulnerabilities would be straightforward to exploit even for technically unsophisticated hackers, according to Duo Security.

Lenovo copped an enormous amount of flak after it began bundling Superfish adware with some of its computers in September 2014. Superfish adware was installed on some Lenovo PCs with a trusted root certification authority (CA) certificate, allowing an attacker to spoof HTTPS traffic.

A machine with Superfish VisualDiscovery installed will be vulnerable to SSL spoofing attacks without a warning from the browser, as US CERT warned around the time the scandal broke in early 2015.

Duo's research shows the Superfish controversy was but an extreme example of a wider security problem involving pre-installed software from multiple manufacturers.

"The OEM software landscape is complicated and includes a depressing amount of superfluous tools for vendor support, free software trials, and other vendor-incentivized crapware," Duo Security researchers warn.

"Some apps do nothing more than add a shortcut to launch your web browser to a specific site.

Full Article. These big-name laptops are infested with security bugs – study
 

rigor

May 20, 2016
True. What Lenovo did is mind-blowing. Bloatware is mostly for cheaper laptops though; for example, Superfish was only on <$1000 laptops. ThinkPads didn't have it, correct me if I'm wrong. Every time I buy a laptop I always do a clean install to get rid of all the crap.
 

jamescv7

Mar 15, 2011
You know OEMs are just an instrument to boost sales because they can insert a lot of 'garbage'. So the commission will be shared not only with the manufacturer but also with the partnership.

But still some brands provide mild yet safe OEM without issue.
 
