Lenovo has come in for criticism once again, the firm has been caught using a feature to ensure that its software stays present on a user's machine, even if they have done a clean install of the operating system.
The problem affects laptops and desktops made by the company between October 2014 and April of this year. Lenovo used a feature called Windows Platform Binary Table (WPBT). This feature is primarily an anti-theft measure supported by Microsoft but the firm has used the same measure to install a number of applications, not necessarily those to prevent theft.
The behaviour of laptops was brought to light by a poster on an Ars Technica forum. The rootkit-like installed, names Lenovo Service Engine (LSE), installs an additional program that itself updates drivers, firmware, and other pre-installed apps.
LSE resides on the firmware of the machine and replaces a core Windows file named Autchk.exe with its own version; this creates, another two files LenovoUpdate.exe and LenovoCheck.exe, which then allow further files to be downloaded once the machine connects to the internet.
However, the service engine contains a security vulnerability that puts user's systems at risk. According to a security bulletin issued by the company, LSE could be exploited by hackers to infect machines. The patch has to be installed manually.
The problem affects a large number of laptops and desktops including those from its Yoga and Flex running Windows 7, 8 and 8.1. Its Think-branded business machines are not affected.
In a statement to the press, Lenovo said that it had the problem bought to its attention by a security researcher and this prompted the company to issue an update.
"Starting in June, the new BIOS firmware has been installed on all newly manufactured Lenovo consumer notebook and desktop systems," the firm said.
"It is strongly recommended that customers update their systems with the new BIOS firmware which disables and or removes this feature."
This is not the first time Lenovo has been caught installing software that posed a risk to users. In March this year, it was found that some laptops by the manufacturer came pre-installed with Superfish adware that could potentially allow attackers to access encrypted data when it inserted visual search results into a browser.
