Lenovo begs users to uninstall its very own software program due to big protection flaws

Closing yr, protection researchers determined Lenovo was shipping laptops with the worst safety flaw for the reason that notorious Sony rootkit debacle of 2005. Lenovo to start with promised that it would avoid shipping all such programs with home windows 10, and declared it’d make adjustments to its own evaluation process to make sure it most effective shipped cleanser, safer pcs (Emphasis original).

Lenovo

It hasn’t taken the company very lengthy to interrupt that promise. Lenovo has released a high priority security replace, informing users that one application it ships, the Lenovo software Accelerator, has a essential flaw. The notification states:

A vulnerability was identified within the Lenovo Accelerator software software that can lead to exploitation by using an attacker with man-in-the-center capabilities. The vulnerability is living inside the update mechanism in which a Lenovo server is queried to become aware of if software updates are to be had.

The Lenovo Accelerator utility is used to speed up the launch of Lenovo applications and become installed in some purchaser notebook and laptop systems preloaded with the home windows 10 running machine. Lenovo is calling for users to put off the software as a result of a Duo Labs investigation that found that the update mechanism used within the Lenovo application Accelerator is essentially broken, with no protection towards guy-in-the-middle attacks. It also carries a flaw that permits for arbitrary code execution on the target system .

OEM-vendor-issues

the whole record with the aid of Duo Labs notes that at the same time as one of the Lenovo update retailers was without a doubt hardened in opposition to assaults, the whole loss of security around the other “exemplifies the incoherent mess that is the OEM software atmosphere.”

The file keeps:

Lenovo’s UpdateAgent changed into one of the worst updaters we looked at, offering no safety features whatsoever. Executables and manifests are transmitted in the clean and no code signing assessments are enforced… Lenovo UpdateAgent does now not validate signatures of packages it downloads and executes. No attempts are made to implement the authenticity or writer for executables retrieved by using the updater… Lenovo UpdateAgent does now not make use of TLS for the transmission of the manifest or any finally retrieved executable files. Executables and manifests can easily be modified in transit.

The document additionally notes that Lenovo’s answers center is one of the best updaters from a main OEM. unfortunately, each have been transport out on Lenovo systems for quite some time; Lenovo’s listing of affected systems contains 78 laptop variations (even though a few are in the identical product line) and 39 computers.

Why unmarried out Lenovo?
One factor we need to hit head-on is why we’re specializing in Lenovo whilst every producer had severe flaws. roughly 15 months in the past, Lenovo pledged itself to building cleaner, safer computers. It declared that the ones pcs would be ready for windows 10. It in addition promised to solicit feedback from “our user network and enterprise professionals to ensure we have the right programs and nice consumer enjoy. We view these movements as a starting point. We consider that these steps will make our technology higher, more secure and greater cozy.”

here’s the honestly telling line from Lenovo’s security declaration: The Lenovo Accelerator software became never set up on ThinkPad or ThinkStation devices. In other phrases, it wasn’t mounted at the organisation’s enterprise-elegance product lines; handiest its consumer-elegance lines like Yoga and IdeaPad. That’s exactly the identical protection Lenovo provided with Superfish. remaining 12 months, I stated i would never recommend any other Lenovo system till the agency supplied proof that it had cleaned up its act and stuck its software assessment procedure. The absolutely hardened Lenovo answer center shown above? Lenovo’s personal internet site describes it as: “LSC comes preloaded on systems with windows 7, home windows eight, home windows 8.1 and home windows 10, 32- and sixty four-bit, consisting of ThinkPad, ThinkPad tablet, ThinkCentre and ThinkStation, IdeaCentre, and select IdeaPads. (Emphasis brought).

in case you own a assume-branded commercial enterprise system, Lenovo takes your security critically. in case you don’t, it doesn’t supply a shit. moves speak louder than words, and the fact that the enterprise remains selling substandard software program extra than a yr after it pledged to improve its security is evidence that nothing has modified.

No, the hassle isn’t particular to Lenovo. Acer, Asus, Dell, and HP all want to easy their very own homes and cozy their software, as soon as and for all. commencing customers to attacks through established software need to by no means be considered a cost of doing enterprise. as the Duo record notes, those programs are all considered sincere, given that they arrive directly from the manufacturers themselves, meaning they’re blanketed — even on “Signature” pc versions bought by means of the Microsoft keep. This isn’t only a Lenovo trouble, and the safety file makes that clean. though, Lenovo is the handiest computer business enterprise nevertheless throwing its clients below the bus 15 months after a vital security breach. in case you’re searching out a pc, we nonetheless endorse searching some place else. just due to the fact those flaws aren’t present on suppose-branded structures doesn’t suggest Lenovo ought to be rewarded for delivery substandard client products.

Lenovo A5000 smartphone with 4000mAh battery reaches India

Lenovo has launched yet another affordable smartphone in India under the A5000 moniker and what’s unique about this device is that it comes with a huge battery onboard. The phone is officially available for purchase through the company’s online store at Rs 9999.

 As mentioned above, the main highlight of the Lenovo A5000 is its battery which is rated at a whopping 4000mAh. Even flagship devices like the Galaxy S6 and the LG G4 don’t have such huge batteries despite packing high-end hardware and power-hungry 2K displays. The benefits such a high capacity cell introduces are much needed in the affordable market.

Lenovo A5000

According to Lenovo, a single charge of the smartphone can render an impressive 35 hours of talk time or 32 days of standby on 2G. And on 3G, the estimates stand at 17 hours and 33.5 days respectively. The handset also has quick charging support where having it plugged in for just 15 minutes will deliver around 4 hours of talk time.

Additionally, it takes a total of 3 hours for the battery to get fully charged. The A5000 phone is a mid-range release carrying a 5-inch HD display. It gains steam from a 1.3GHz quad core Cortex A7 processor and runs on Android 4.4 KitKat with the Vibe UI on top. What’s more, the company has thrown in dual SIM card slots, HSPA+ connectivity and dual cameras.

Here’s an overview of the main Lenovo A5000 specs:

– OS: Android 4.4 KitKat
– Display: 5-inch 720p HD LCD panel
– Chipset: 1.3GHz quad core MediaTek processor
– Camera: 2MP front, 8MP rear
– Memory: 1GB RAM, 8GB expandable storage
– Connectivity: Dual SIM, HSPA+, Bluetooth 4.0, Wi-Fi b/g/n, GPS
– Battery: 4000mAh

The Lenovo A5000 smartphone can be purchased through TheDoStore in black and white.

Lenovo P70 comes to India with 4000mAh battery, 64-bit octa core chip

Lenovo has officially announced the availability of its P70 smartphone which is being touted as the successor to the popular P780 handset. This device is part of the company’s large battery series as it offers a 4000mAh power and for a price of Rs 15999, it also delivers a plethora of other great features.

 The Lenovo P70 made its debut earlier this year and was listed on the company’s online store in India for pre-order last month. The phone is decently designed as it offers a simple, yet attractive look. And despite there being a large 4000mAh battery onboard, the handset isn’t all that bulky. It’s just 8.9mm thick and pretty lightweight at 149 grams.

Lenovo P70

The Lenovo phone is estimated to deliver up to 48 hours of talk time or approximately 34 days of standby. This is higher than what you’d see on the A5000 which also has a 4000mAh battery, but toned down specs. So basically, beefier hardware isn’t necessarily the cause for lower battery life.

The P70 smartphone even has quick charge support so that you can get the large power pack juiced up in a jiffy. Additionally, it can even be employed as a power bank to charge other gadgets. The company has employed an octa core MediaTek 64-bit processor to do the heavy lifting and is offering 4G LTE connectivity as well, through dual SIM card slots.

Lenovo P70 specs:

– 1.7GHz 64-bit MediaTek MT6752 octa core processor
– 2GB RAM, 16GB storage, 32GB expandable
– Android 4.4 KitKat
– 5MP front camera, 13MP rear shooter
– 5-inch 720p HD IPS LCD panel
– 4000mAh battery
– Dual SIM w/ 4G LTE, HSPA+

You can purchase the Lenovo P70 smartphone through TheDoStore. The company is bundling the device with a free 32GB microSD card as a limited offer.

Lenovo Says Committed to Manufacturing in India; Moto X Force Due Soon

Announcing its new logo and tagline in India, Chinese technology major Lenovo on Wednesday said it was committed to India in terms of investment in areas of manufacturing and research and development. The company also revealed upcoming products for the Indian market.

“In three years, we have reached a revenue of $2.5 billion (roughly Rs. 16,540 crores) in India compared to a target of $800 million (roughly Rs. 5,292 crores) when we came to this country which is fast evolving in the area of technology,” said Lenovo chairman and chief executive Yang Yuanqing.

“I have committed to Prime Minister Narendra Modi about Lenovo’s involvement in Digital India and Make-in-India campaign,” he said.

“We are looking to be the top four of 50 companies operating in India. Currently we are third in terms of rank in the smartphones category,” he added.

He also said that Lenovo will be investing in research and development in India, and that aside from hardware, we should expect software that is made in India. At the event, Motorola India head Amit Boni also mentioned that the Moto X Force was coming soon, but did not share any details of when, or at what price. The Lenovo Yoga Tab 3 Pro tablet is also going to be available in India soon, he added.

At the event, Lenovo Chief Marketing Officer David Roman also showed off the company’s new logo, unveiled earlier this year. A first in that it was crowd-sourced with ideas taken from the brand’s followers, finalised into a new look. Along with that, he also showed off Lenovo’s new tagline, “Innovation never stands still”.

Lenovo Phab Plus With 6.8-Inch Display Available in India

Lenovo’s Phab Plus smartphone, which was unveiled in China in August, has finally made its way to the Indian market via a third-party online retailer. The Lenovo Phab Plus is now available to buy via Amazon India at Rs. 18,490. Unfortunately, there is no official word on the launch of Phab Plus from Lenovo. The smartphone, at the time of writing, was not listed on company’s India site.

The Lenovo Phab Plus smartphone features a 6.8-inch full-HD (1080×1920 pixels) display offering a pixel density of 326ppi, the highlight of the smartphone. Lenovo’s new Phab Plus can be expected to compete against Huawei’s Ascend P8max, which also features a similar 6.8-inch full-HD display. Last month, we spent some time with Lenovo’s new Phab Plus at the IFA in Berlin and you can read our first impressions here.

The Lenovo Phab Plus packs a 64-bit octa-core Qualcomm Snapdragon 615 processor clocked at 1.5GHz coupled with an Adreno 405 GPU and 2GB of RAM. The handset features 32GB inbuilt storage and also supports expandable storage support via microSD card.

Running Android 5.0 Lollipop with the Vibe UI skin on top, the Phab Plus sports a 13-megapixel rear camera with dual-LED flash and also comes with a 5-megapixel front camera. The dual-SIM based Phab Plus supports one Micro-SIM card and the other Nano-SIM.

Connectivity options on the new phablet from Lenovo include 4G, 3G, GPS/ A-GPS, Wi-Fi, Bluetooth, and Micro-USB. As of now, there is no word whether the Phab Plus supports Indian LTE bands. Under the hood, Lenovo packs a 3500mAh battery which the company claims can deliver up to 24 hours of talk time and up to 350 hours of standby time. It also features a rear speaker with Dolby Atmos. The Lenovo Phab Plus measures 186.6×96.6×7.6mm and weighs 220 grams. The smartphone will be available in Metallic Grey and Midnight Blue colours. The Phab Plus is currently available via Amazon India.

Download the Gadgets 360 app for Android and iOS to stay up to date with the latest tech news, product reviews, and exclusive deals on the popular mobiles.

Lenovo Phab Plus

Lenovo Phab Plus

Display

6.80-inch

Processor

1.5GHz

Front Camera

5-megapixel

Resolution

1080×1920 pixels

RAM

2GB

OS

Android 5.0

Storage

32GB

Rear Camera

13-megapixel

Battery capacity

3500mAh

Lenovo launches Ideapad Y700-17ISK gaming laptop

The Y700-17ISK laptop sports a 17-inch full-HD (1080x1920p) anti-glare display.
<br/><br/>
The Y700-17ISK laptop sports a 17-inch full-HD (1080x1920p) anti-glare display.

NEW DELHI: Lenovo has launched a new portable gaming laptop – the Ideapad Y700-17ISK at Rs 1,25,000. The laptop will be open for pre-booking exclusively on Lenovo’s official online store thedostore starting October 1, 2015 and will include free accessories such as gaming surround sound headset, gaming precision mouse and gaming mouse mat worth Rs 9,555.

The Y700-17ISK laptop sports a 17-inch full-HD (1080x1920p) anti-glare display.

The particular model is powered by a 6th generation Intel Core i7 processor and GTX-960M graphics with 16GB DDR4 RAM. Users can also choose other AMD and Intel chip configurations. It runs Windows 10 operating system.

The model comes with 128GB SSD and 1TB hard disk drive along with a backlit keyboard. It has a 4 cell 60WH battery and a 720p camera.

It is equipped with JBL speakers (2x2W), subwoofer(3W) and optimized thermal cooling.

The laptop has 2 USB 3.0 ports, a USB 2.0 port, an HDMI port and a built-in memory card reader.

Lenovo in the News Again for Installing Spyware on Its Machines

Despite launching a number of interesting products this year, Lenovo has perhaps got more press time for the things it has done wrong. The Chinese technology conglomerate is back in news, this time for allegedly installing a program on at least some of its refurbished notebook lineup that is programmed to send users’ feedback data to Lenovo. Upon further inspection, the program seems to have an association with a third-party marketing and Web analytics firm.

As per many users’ report, the company ships its factory refurbished laptops with a program called “Lenovo Customer Feedback Program 64” that is scheduled to run every day. According to its description, Lenovo Customer Feedback Program 64 “uploads Customer Feedback Program data to Lenovo.”

Upon further digging, Michael Horowitz of Computerworld found these files in the folder of the aforementioned program: “Lenovo.TVT.CustomerFeedback.Agent.exe.config,Lenovo.TVT.CustomerFeedback.InnovApps.dll, and Lenovo.TVT.CustomerFeedback.OmnitureSiteCatalyst.dll.” As he further pointed out, Omniture, as mentioned in the suffix of one of the files, is an online marketing and Web analytics firm, which suggests that the laptops are tracking and monitoring users’ activities.

On its support website, the largest PC vendor noted that it may include software components that communicate with servers on the Internet. These applications could be on any and every ThinkCentre, ThinkStation, and ThinkPad lineups. One of the applications listed on the website isLenovo.TVT.CustomerFeedback.Agent.exe.config.

This isn’t the first time Lenovo has been caught shipping what appears to be a spyware on its machines. Earlier this year, Lenovo was found bundling a spyware called “Superfish” on its machines. In August, the company was caught covertly downloading and installing software on its Windows PCs. The program modified the BIOS to force the computer to download its programs upon each login.