Technology giant Lenovo has come under heavy criticism again for subjecting users to undue security risks, this time in the form of three vulnerabilities discovered by researchers at security firm IOActive. Flaws in Lenovo's System Update service, a feature that enables users to download updated drivers, software, and security patches from Lenovo, enable hackers to surreptitiously slip malware onto users’ laptops and systems through a man-in-the-middle attack. Lenovo has since issued a patch for these vulnerabilities, but it’s doubtful the PC giant will regain consumer credibility any time soon.
As it turns out, it may not need to, at least for a while. Though still reeling from its massive Silverfish snafu in February, the tech behemoth continues to be the global leader in PC unit sales, even as customers are abandoning the brand in droves. And while few consumers are in a rush to buy a Moto X, Lenovo’s acquisition of Motorola Mobility from Google in 2014 for $2.91 billion gives the company 8% of the global smartphone market. On top of this, a myriad of IoT, wearables, and other connected consumer devices are also reportedly under development, giving the company more than ample runway for perhaps some much-needed corporate introspection and realignment.
Several items of concern worth noting:
Security is clearly not part of the airline wifi equation, as one journalist famously discovered last week on a domestic American Airlines flight.
One hopes some hard, important lessons will be learned by Lenovo, though at the end of the day, caveat emptor. The key takeaway for consumers is that proactivity is instrumental to maintaining a strong security posture. From a security perspective, overreliance on vendors to discover, announce, and remediate vulnerabilities in their own products can leave one perilously exposed. Proper adware/malware protection, IDS, and firewall products are bare essentials when it comes to bolstering one’s security posture. Resources such as MITRE’s Common Vulnerabilities and Exposures database provide users with a free, comprehensive database of up-to-date vulnerabilities. And for enterprises managing fleets of portable devices, UpGuard can provide automatic, comprehensive vulnerability scanning for all types of nodes, including laptops and IoT products.