Almost everyone who has ever used modern computers, has encountered viruses or trojans, small programs that can harm your computer or notebook. That's why most users install antiviruses on their systems, especially on windows based computers.
Recently, a critical vulnerability in the Lenovo thinkpad's UEFI (a newer version of BIOS) has been found by Dmytro Oleksiuk, also known as Cr4sh. The vulnerability allows a small rootkit inside the low-level firmware to be installed, that may disable every single security feature to get over the antivurus protection.
Dmytro Oleksiuk not only discovered the vulnerability, but also came up with the exploit that is available on GitHub called "ThinkPwn".
For now, the vulnerability requires a physical access to the computer, but we're afraid that it could be possible that someone developed the remote access version.
This exploit has been tested on the following computers:
- HP Pavillion DV7 4087CL
- Fujitsu Lifebook A574/H
- Gigabyte Mainboards Ivy-Bridge
- Lenovo ThinkPad
The hardware manufactures gave up on this issue, and didn't respond immediately. We're hoping that this vulnerability will be fixed with the new firmware updates.