A security researcher, Dmytro Oleksiuk (also known as “Cr4sh”), claims to have found a flaw affecting Windows devices that could potentially allow hackers to work around Windows’ basic security infrastructure and protocols. Oleksiuk’s post on GitHub reveals that the vulnerable driver was copied and pasted directly from Intel, which means that other manufacturers could have the same flaw as well. A 2010 HP Pavilion laptop has already been listed as vulnerable to this attack as a result.
Lenovo’s public response, which can be found here, seems to suggest that the company tried to speak with Oleksiuk before he published the compromised code, and failed. The report corroborates the idea that the flaw originates from Intel-supplied code, and it notes that collaboration with Lenovo’s partners is under way to fix the flaw as soon as possible.
Some of the wording in the public statement seems to imply that the flaw may be a backdoor, especially given the absence of a couple of key questions. Its justification for verifying the publisher of the flaw’s documentation is that it “does not know its originally intended purpose,” which isn’t very clear.