As if Lenovo hadn’t got in enough trouble for having sold laptops pre-loaded with its Superfish Malware back in February,  it turns out now they’ve been caught out again.

2 years ago, Lenovo got itself banned from supplying IT equipment to some of the world’s largest National Security agencies because of worries over spying and hacking concerns.

lenovo

So what have Lenovo done, this time?

Well rather than having been bought off by a 3rd party bloat ware advertiser for what might have been as little as US$ 250,000, they have been nobbled for installing their own spyware.

Lenovo have been using part of the firmware of its machines so that even if the Windows OS, and the Hard-drives were completely wiped, reformatted, and replaced…and Windows was then reinstalled, the “Lenovo Service Engine,” will reinstall itself from the main board of the Laptop or computer when it boots.

Nice name; so what does the Lenovo Service Engine actually do?

Apparently, it doesn’t do much more than much of what a lot of user installed software does, in that it reports basic anonymous information like the date, model number etc. to Lenovo. On Laptops though it goes one step further, by ‘updating’ all the rubbish preinstalled bloatware ‘apps’ that bundle with  most computers anyway.

The problem is that the LSE might be insecure, and hackable….by hackers. Who would have thought it? So no matter what antivirus solution a user chooses, and no matter how secure their system, here is something that could be bypassed.

Fortunately, Lenovo have now stopped including LSE on any new systems because of these concerns, and have released BIOS firmware updates to remove LSE from any currently affected machines.

But it still has to be done manually, a feat for many users that will be beyond their technical knowledge, and there is also the fact that many owners of Lenovo computers will never even be aware of the dangers of the LSE in the first place.