Autor: mgra 05.07.16 - 01:48
Zitat vom Ende des exorbitanten Blockpost:
Technical nature of this 0day vulnerability is rising an interesting question: is it backdoor or not? On one side we have the following suspicious facts:
- Vulnerable SMM callback function doesn’t look like any other SMM callback function from the same firmware, probably vulnerable code was written and committed not by regular Lenovo developers who usually work on System Management Mode.
- Vulnerable SMM callback function has absolutely no sense from engineering point of view, it can’t do anything useful except calling of arbitrary function which address was received from caller, there’s no any sane reasons to have such SMM callback in your firmware code.
On other side — you should think twice before you will start to blame the Lenovo for System Management Mode backdoor in ThinkPad computers, we still don’t have enough of facts to claim that this issue is an actual backdoor (however, that’s the main idea of good backdoors).