Pre-loaded Bloatware a Security Risk (Updated)
Posted by: Timothy Weaver on 06/01/2016 11:11 AM
[
Comments
]
Five laptops ( Dell, HP, Asus, Acer and Lenovo ) all had bloatware preinstalled on their systems that could cause security risks.
Researchers at Duo Labs found that all the laptops had at least one piece of bloatware that could result in a Man-in-the-Middle attack within the first 10 minutes of operation.
According to the Duo Lab report: "The Original Equipment Manufacturer software landscape is complicated and includes a depressing amount of superfluous tools for vendor support, free software trials, and other vendor-incentivized crapware (or bloatware). Some apps do nothing more than add a shortcut to launch your web browser to a specific site."
Steve Manzuik, director of security researcher with Duo Security said that Hewlett-Packard and Lenovo responded quicly to fix the flaws, however, Asus and Acer dragged their feet when told of the flaws. Duo Security found it “difficult to get a response” from Acer and Asus. “When we did get a response from them, just getting a follow-up or confirmation that ‘Yes we released a patch and are fixing it,’ proved to be very difficult.
Duo Labs had this advice for users of the laptops:
1) Wipe the system and install a bloatware free system.
2) Identify the bloatware and disable or uninstall it.
3) Be aware of the systems that are more responsive to the security risks.
Lenovo is now urging users to dump its Accelerator support application after it was revealed to have what it says are serious interception vulnerabilities.
Source: Dark Reading
Researchers at Duo Labs found that all the laptops had at least one piece of bloatware that could result in a Man-in-the-Middle attack within the first 10 minutes of operation.According to the Duo Lab report: "The Original Equipment Manufacturer software landscape is complicated and includes a depressing amount of superfluous tools for vendor support, free software trials, and other vendor-incentivized crapware (or bloatware). Some apps do nothing more than add a shortcut to launch your web browser to a specific site."
Steve Manzuik, director of security researcher with Duo Security said that Hewlett-Packard and Lenovo responded quicly to fix the flaws, however, Asus and Acer dragged their feet when told of the flaws. Duo Security found it “difficult to get a response” from Acer and Asus. “When we did get a response from them, just getting a follow-up or confirmation that ‘Yes we released a patch and are fixing it,’ proved to be very difficult.
Duo Labs had this advice for users of the laptops:
1) Wipe the system and install a bloatware free system.
2) Identify the bloatware and disable or uninstall it.
3) Be aware of the systems that are more responsive to the security risks.
Lenovo is now urging users to dump its Accelerator support application after it was revealed to have what it says are serious interception vulnerabilities.
Source: Dark Reading
Comments
