
Lenovo once again in trouble over Lenovo Service Engine BIOS

2016-01-02 19:28, 465 views
Lenovo once again in hot waters over Lenovo Service Engine BIOS
http://www.ghacks.net/2015/08/12/lenovo-once-again-in-hot-waters-over-lenovo-service-engine-bios/
By Martin Brinkmann on August 12, 2015 in Security - Last Update: August 12, 2015

The year has not been good for Lenovo so far. After news broke in February that the company shipped some of its computer systems with adware and a problematic root certificate, it seemed unlikely that a major incident like this would happen again.

Recent threads on Reddit and Hacker News indicate that Lenovo used a utility it called Lenovo Service Engine in the BIOS of some products that downloaded a program called OneKey Optimizer to user systems and sent "non-personally identifiable system data" to Lenovo servers.

What makes this particularly worrisome is that Windows files were overwritten on boot, that files were added to the Windows system32 directory, and that a service was set up on the system to transfer the data to Lenovo.

The collected data, according to Lenovo, consists of machine type and model, a system UUID, region and date. Once the data has been submitted successfully, the service is automatically disabled on the system.





Since the tool is based in the BIOS, it will do its work even if the Lenovo machine is formatted and Windows is installed cleanly afterwards.

Security vulnerabilities were discovered in Lenovo's implementation, which the company admits was not consistent with Microsoft's security guidelines for the Windows Platform Binary Table.

But what is the Windows Platform Binary Table?

The WPBT is a fixed Advanced Configuration and Power Interface (ACPI) table that enables boot firmware to provide Windows with a platform binary that the operating system can execute.

[..]

It is expected that the binary pointed to by the WPBT is part of the boot firmware ROM image. The binary can be shadowed to physical memory as part of the initial bootstrap of the boot firmware, or it can be loaded into physical memory by extensible boot firmware code prior to executing any operating system code.

Affected products (according to this news post)


Lenovo Notebooks:
Flex 2 Pro 15 (Broadwell), Flex 2 Pro 15 (Haswell), Flex 3 1120, Flex 3 1470/1570, G40-80/G50-80/G50-80 Touch, S41-70/U41-70, S435/M40-35, 4000 V3000, Y40-80, Yoga 3 11, Yoga 3 14, Z41-70/Z51-70, Z70-80/G70-80

Lenovo Desktop:
A540/A740, B4030, B5030, B5035, B750, H3000, H3050, H5000, H5050, H5055, Horizon 2 27, Horizon 2e(Yoga Home 500), Horizon 2S, C260, C2005, C2030, C4005, C4030, C5030, X310(A78), X315(B85)

Lenovo Desktop (China):
D3000, D5050, D5055, F5000, F5050, F5055, G5000, G5050, G5055, YT A5700k, YT A7700k, YT M2620n, YT M5310n, YT M5790n, YT M7100n, YT S4005, YT S4030, YT S4040, YT S5030

The fix


Lenovo has released BIOS updates for affected products that disable the Lenovo Service Engine, and a tool that removes services and files on systems running Windows 7, Windows 8 and 8.1, and Windows 10.

The removal tool runs the following operations on affected systems:

1. Stops the LSE service
2. Deletes all files installed by the LSE module, which include C:\windows\system32\wpbbin.exe, C:\windows\system32\LenovoUpdate.exe, C:\windows\system32\LenovoCheck.exe
3. Repairs the autocheck files in Windows
4. Disables the UEFI variable that enables LSE if the system is running Windows 8, 8.1 or 10 in UEFI mode

Downloads are provided on the Lenovo support website.