Notebookcheck

'ThinkPwn' UEFI bug discovered on a wide range of notebooks

'ThinkPwn' UEFI bug discovered on a wide range of notebooks
'ThinkPwn' UEFI bug discovered on a wide range of notebooks
Lenovo has released a list of affected models, but the bug has been reportedly verified on notebooks and motherboards from other manufacturers as well.

A vulnerability relating to specific UEFI drivers has been discovered by Dmytro Oleksiuk (aka Cr4sh) and has been dubbed 'ThinkPwn' since the bug was first discovered on a Lenovo ThinkPad system. The bug, however, is not limited to Lenovo systems as it relates to a more generic Intel firmware that can also be found on certain systems from Dell, HP, Fujitsu, and Gigabyte. Additional manufacturers have not yet been ruled out, either.

Note that the UEFI bug requires physical access to the individual system to exploit, so users are still safe from outside attackers. Of the listed manufacturers, the following models have been proven to be vulnerable to the 'ThinkPwn' bug:

  • HP Pavillion DV7 4087CL (2010)
  • Fujitsu Lifebook A574/H (2013)
  • Dell Latitude E6430 (2012)
  • Gigabyte Mainboards from Ivy Bridge up to Broadwell (Models: Z68-UD3H, Z77X-UD5H, Z87MX-D3H, Z97-D3H)

Perhaps more alarmingly is that these systems are quite old dating back to as early as 2010, so the extent of the bug can be very wide. So far, most of these manufacturers have not publicly acknowledged the vulnerability including Intel.

Lenovo is the exception as the company has provided a list of known affected models. Accordingly, ThinkPad notebooks running on the Skylake platform are not affected by the vulnerability while older Ivy Bridge models (X230, T430, etc.) up to Broadwell models (X250, T450s, etc.) are all affected. Numerous Ideapad systems are also affected and any potential BIOS updates to patch the security flaw has not yet been released.

Working For Notebookcheck

Are you a techie who knows how to write? Then join our Team! Indian citizens welcome!

Currently wanted: 
News and Editorial Editor - Details here

Source(s)

static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2016 07 > 'ThinkPwn' UEFI bug discovered on a wide range of notebooks
Benjamin Herzig/ Allen Ngo, 2016-07-14 (Update: 2016-07-14)
Allen Ngo
Allen Ngo - US Editor in Chief
After graduating with a B.S. in environmental hydrodynamics from the University of California, I studied reactor physics to become licensed by the U.S. NRC to operate nuclear reactors. There's a striking level of appreciation you gain for everyday consumer electronics after working with modern nuclear reactivity systems astonishingly powered by computers from the 80s. When I'm not managing day-to-day activities and US review articles on Notebookcheck, you can catch me following the eSports scene and the latest gaming news.