Vulnerabilities: Holes Discovered in Support Software from Toshiba, Dell, and Lenovo


by P. H. Madore, December 9, 2015

Toshiba Service Station, Dell System Detect, and Lenovo Solution Center all have security vulnerabilities, according to new research by an anonymous hacker group. Lenovo’s Windows platform seems to be specifically affected. One of its vulnerabilities actually allows malicious code to be executed via the web, through an internal browser.

The group goes by “Ring of Lightning” and made no bones about publishing the exploit kits on their website. The most heinous of the exploits was apparently the one for Lenovo, which allows for remote execution if the software is running on the host computer at the time of the attempt.


The author of the vulnerability seems upset with Dell in particular. In the code comments for “dellsystempwned.d,” he writes:

GG [good game] Dell
you “fix” the issue *I* reported to you with RSA-1024 signatures and then you put valid signatures for the stuff that an attacker would find interesting.. RIGHT ON YOUR WEBSITE FOR ATTACKER TO SCRAPE!

The code doesn’t require much in the way of actual privileges to get its job done. By line 92, it appears able to pull an actual authentication token, albeit a falsified one.

static Token checkAdminRights() {
    return Token("clientservice", "checkadminrights", "", "expires", "checkAdminRightsToken");
}

Another file provided in the Zip archive allows the user to gain a system shell in a Lenovo system. This code is much shorter, but apparently still achieves its result. The interesting bit, looking over all the code, is how remarkably simple it is. One would expect that the largest PC manufacturers in the world would have the means to check for such holes, but increasingly we learn that it doesn’t matter.

If you’re a computer user in the wild, you’re basically on your own, and that’s all there is to it. It’s important to note that none of these vulnerabilities affect the Linux desktop, an increasingly valid choice as more and more users cease to rely on desktop-level applications for their daily usage. (Disclosure: the author hasn’t touched a Windows computer in several years.)

As for the Toshiba support exploit, it’s even more interesting than the other two. From another file in the archive, “loadofoldtosh.d”:

TOSHIBA Service Station sets up a service “TMachInfo” that runs as SYSTEM and sets up an XML-based API that communicates over localhost, UDP port 1233.

You can see the implication here. Toshiba saw fit to give the equivalent of root access to its support software. One hopes that these three companies, and others if applicable, patch their software sooner rather than later, and maybe stop with this idea that they should be remotely accessing customer PCs in the first place. Conversely, users could leave the Windows environment, but that seems less likely.
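
For administrators who want to know whether a machine carries the Toshiba service quoted above, the following PowerShell audit is an added example, not code from the article or from the published archive. Only the service name "TMachInfo" and UDP port 1233 come from the quoted comment; the function name and output fields are assumptions of this sketch, which needs Windows 8 / Server 2012 or later for Get-NetUDPEndpoint.

```powershell
# Added example: report whether the TMachInfo service is installed, which
# account it runs as, and what is bound to UDP port 1233 on this host.
$ServiceName = 'TMachInfo'   # from the quoted source comment
$Port        = 1233          # from the quoted source comment

function Get-SupportServiceExposure {   # hypothetical helper name
    param([string]$Name, [int]$UdpPort)

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'" `
                           -ErrorAction SilentlyContinue
    $endpoints = @(Get-NetUDPEndpoint -LocalPort $UdpPort -ErrorAction SilentlyContinue)

    if ($svc) {
        [pscustomobject]@{
            Finding   = 'Service installed'
            Name      = $svc.Name
            State     = $svc.State
            StartMode = $svc.StartMode
            RunsAs    = $svc.StartName
            # Win32_Service reports the SYSTEM account as "LocalSystem"
            IsSystem  = ($svc.StartName -match '^(LocalSystem|NT AUTHORITY\\SYSTEM)$')
            Path      = $svc.PathName
        }
    }
    foreach ($ep in $endpoints) {
        $proc = Get-Process -Id $ep.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Finding        = 'UDP listener'
            LocalAddress   = $ep.LocalAddress
            Port           = $ep.LocalPort
            OwningPid      = $ep.OwningProcess
            Process        = $proc.ProcessName
            # True when the socket belongs to the service's own process
            OwnedByService = ($svc -and $svc.ProcessId -eq $ep.OwningProcess)
            # A loopback-only binding is still reachable by any local process
            LoopbackOnly   = ($ep.LocalAddress -in '127.0.0.1', '::1')
        }
    }
}

$results = @(Get-SupportServiceExposure -Name $ServiceName -UdpPort $Port)
if ($results.Count -eq 0) {
    "No $ServiceName service and no listener on UDP $Port found."
} else {
    $results | Format-List
}
```

Where the service turns up and the support tool is not needed, uninstalling the software or disabling the service removes the SYSTEM-level listener.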
