Many of the big names in the computer industry put a huge amount of time and effort into protecting us, the unsuspecting public, from the worst that hackers can do. Companies like Microsoft spend huge amounts of money and resources into ensuring their software is as strong as possible against hacker attacks. But now it seems that top hardware manufacturers might not be going to the same kind of lengths.
In a report written from research carried out by Duo Security, it was discovered that five of the biggest names in PC manufacture – Asus, Acer, HP, Dell and Lenovo – all had security problems on their devices that could allow hackers in. the research found that the machines could allow the hijacking of updating processes that would let hackers install malicious code onto the machines.
Known as OEMs or Original Equipment Manufacturers, these companies ship their equipment with pre-installed updaters on them. Tests by Duo Security discovered at least one high risk vulnerability on each brand’s machines that would allow a hacker remote code execution abilities. To the non-computer person, this means the hacker would be able to put whatever code they want to on the system and take over the whole PC.
So what does this mean for ordinary people? Basically, you could be sitting at home, playing on your computer and get on with mobile casino and suddenly, the computer would start to act weird. Or the data you have on the computer may be accessed and used by someone, which could include sensitive information such as bank details, passwords or personal information.
Nearly all of us will have firewalls and other security in place to protect against hackers but this works on the software that is installed on the computer. According to the report, it takes surprisingly little in the way of software to knock over these defenses when they come through the pre-installed software provided with the PC. It’s a little like breaking into a house by removing the foundation bricks – all those secure windows and doors won’t matter if you go under them.
Another big area for concern is that many vendors fail to digitally sign their manifests. These are files that the updater needs to get from a server and install into their computer. This omission allows hackers to intercept these manifests, especially if they are transmitted unsecurely, and can alter the files. They could even do things like add users to the computer and give themselves administration privileges – allowing them to do what they want on your computer.
The report also stated that while they had tested just five of the OEMs, they are relatively sure that most of the others will have similar problems. The one company who seemed to be except from the problem is Apple as their paranoia about only installing their own software onto their PCs and laptops could, in this scenario, actually be a benefit. It makes it extremely difficult for hackers to insert themselves into Apple machines as they can with other big name OEMs.