Earlier this year, Lenovo got into some hot water after it was discovered that some Lenovo laptops came preinstalled with the Superfish bloatware. Despite Lenovo’s assurances, Superfish was found to present a serious security risk to any computer it was installed on. Lenovo has once again been caught preinstalling unwanted software on their computers.
Lenovo takes advantage of a feature of WIndows 8 and 10, which allows manufacturers to embed an executable into the machine’s firmware, which can be run by Windows. This is intended as an anti-theft measure, so that anti-theft software can be preinstalled on the computer and run at a later time even if the system was wiped clean. Lenovo has taken advantage of this feature to embed a program called Lenovo Service Engine in the firmware. When a computer boots, Lenovo Service Engine will install some of Lenovo’s own software onto the computer. If the user deletes these programs, Lenovo Service Engine will just reinstall them the next time the computer boots, and Lenovo Service Engine itself can’t be deleted because it is part of the firmware.
So what exactly does Lenovo Service Engine do? It depends on whether you have a desktop or a laptop. According to Lenovo, on desktops Lenovo Service Engine does nothing more than transmits some data to a Lenovo server, such as the system id, date, and location. It doesn’t transmit any personally identifiable information, and only does this the first time the machine connects to the Internet. If we give Lenovo the benefit of the doubt and take them at their word, this doesn’t sound too terrible.
On laptops however, Lenovo Service Engine does a bit more. It installs a program called OneKey Optimizer, which according to Lenovo performs numerous tasks like updating drivers and cleaning up junk files. OneKey Optimizer is widely regarded as bloatware, which offers no real benefit. Even if some users do find it useful, it should still be up to the user to decided if they want it or not. Installing it without consent, and reinstalling it after deletion is shady behavior at best.
It’s not just computers with Windows 8 and 10 installed that need to worry about LSE either. It has been reported that some Windows 7 machines have Lenovo Service Engine installed as well, and that it overwrites an important OS file. It seems the intention behind overwriting an OS file would be to achieve similar behavior through other means, since running an executable from firmware is a new feature in Windows 8. However, overwriting OS files to create a new system service is dangerous behavior.
Lenovo machines manufactured between October 2014 and May 2015 contain Lenovo Service Engine, however Lenovo no longer includes Lenovo Service Engine on its computers. In May, it was discovered that Lenovo Service Engine and OneKey Optimizer have security issues that put users at risk, and Lenovo decided to no longer preinstall Lenovo Service Engine on its machines in response. Lenovo’s has also released firmware updates and instructions on how to disable Lenovo Service Engine on affected computers.
When will Lenovo’s next preinstalled security threat be discovered? Leave your comment below.