Dmytro “Cr4sh” Oleksiuk has a conversation on Twitter about using using his CHIPSEC-based exploit module against Lenovo models, noting some firmware vulnerabilities in Lenovo x220/x230 laptops.
Here are 5 tweets, let’s see how the non-deterministic WordPress.com rendering software will show them:
https://twitter.com/d_olex/status/6916255973326315
https://twitter.com/d_olex/status/69162603603585024252
It is nice to hear “The most recent ones looks not vulnerable.” Maybe the Lenovo QA team is improving? π Looking forward to more research on this, more than just a few Tweets, his research is usually very verbose! Also, he has updated the readme on his update script today:
Firmware Security 