Security experts are warning that millions of Windows laptops are infected with malware that is effectively ‘unremovable’. Over 100 laptop models made by technology firm Lenovo appear to be affected by a trio of critical vulnerabilities which allow hackers to secretly install malware that is virtually impossible to remove or even detect. The flaws allow hackers to modify a computer’s Unified Extensible Firmware Interface (UEFI), which is the first piece of software that runs when a PC is turned on.
UEFI is the link between a computer’s firmware and its operating system, and is found on the PC’s motherboard itself, which makes UEFI infections difficult to detect and even harder to remove.
The study by ESET found the vulnerabilities on over 100 different consumer Lenovo laptop models including affordable devices like the Ideapad-3 to more advanced ones like Legion 5 Pro-16ACH6 H or Yoga Slim 9-14ITL05.
Lenovo was informed of ESET’s findings last October, with the Chinese tech giant pushing out an update this month that will keep affected users safe.
Speaking about the threat in a post online, ESET said: “UEFI threats can be extremely stealthy and dangerous. They are executed early in the boot process, before transferring control to the operating system, which means that they can bypass almost all security measures and mitigations higher in the stack that could prevent their OS payloads from being executed.”
While the vast majority of affected devices are laptops that are still receiving updates, there are a number of models – including the Ideapad 330-15IGM and Ideapad 110-15IGR – which won’t receive patches as they are reaching End Of Development Support (EODS).
Advising affected users on how to stay safe, ESET said: “We strongly advise all owners of Lenovo laptops to go through the list of affected devices and update their firmware, ideally by following the manufacturer’s instructions.
“For those using End Of Development Support (EODS) devices affected by the CVE-2021-3972, without any fixes available: one thing that can help you protect against unwanted modification of the UEFI Secure Boot state is using a TPM-aware full-disk encryption solution capable of making disk data inaccessible if the UEFI Secure Boot configuration changes.”
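The TPM-bound disk encryption mitigation in ESET's advice above, shown as an added illustration that is not from ESET, Lenovo or the original article: a simplified Python model of measuring the Secure Boot configuration into PCR 7 and sealing a disk key to that value. The class `ModelTPM`, the helper names and all sample values are assumptions made for the example; a real TPM hashes structured event data and encrypts the sealed blob.

```python
import hashlib
import hmac

def measure(name: str, value: bytes) -> bytes:
    # Simplified event digest; real firmware hashes a UEFI_VARIABLE_DATA structure.
    return hashlib.sha256(name.encode() + b"\x00" + value).digest()

class ModelTPM:
    """Toy model of one SHA-256 PCR plus PCR-bound sealing (not a real TPM API)."""

    def __init__(self):
        self.pcr7 = bytes(32)  # PCRs reset to all zeros at power-on

    def extend(self, digest: bytes) -> None:
        # PCR extend: new = SHA256(old || digest); a PCR cannot be set directly.
        self.pcr7 = hashlib.sha256(self.pcr7 + digest).digest()

    def seal(self, secret: bytes) -> dict:
        # Bind the secret to the PCR value present at sealing time.
        # (A real TPM keeps the secret encrypted; the model stores it in the clear.)
        return {"policy_pcr7": self.pcr7, "secret": secret}

    def unseal(self, blob: dict) -> bytes:
        if not hmac.compare_digest(self.pcr7, blob["policy_pcr7"]):
            raise PermissionError("PCR 7 mismatch: Secure Boot configuration changed")
        return blob["secret"]

def boot(secure_boot_config: dict) -> ModelTPM:
    """Replay one boot: each Secure Boot variable is measured into PCR 7."""
    tpm = ModelTPM()
    for name in ("SecureBoot", "PK", "KEK", "db", "dbx"):
        tpm.extend(measure(name, secure_boot_config[name]))
    return tpm

# Constructed sample configuration (placeholder values, not real key databases).
GOOD = {"SecureBoot": b"\x01", "PK": b"pk-placeholder", "KEK": b"kek-placeholder",
        "db": b"db-placeholder", "dbx": b"dbx-placeholder"}

def disk_unlocks(enrolled: dict, current: dict) -> bool:
    """Seal a volume key under `enrolled`, then try to unseal after booting `current`."""
    blob = boot(enrolled).seal(b"volume-master-key-placeholder")
    try:
        return boot(current).unseal(blob) == b"volume-master-key-placeholder"
    except PermissionError:
        return False

if __name__ == "__main__":
    tampered = dict(GOOD, SecureBoot=b"\x00")  # Secure Boot switched off
    print("unchanged config unlocks:", disk_unlocks(GOOD, GOOD))
    print("tampered config unlocks: ", disk_unlocks(GOOD, tampered))
```

Because each extend folds the previous PCR value into the next, any change to a measured variable yields a different final PCR 7 and the sealed key stays locked.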