Check out
http://blog.cr4.sh/2016/06/exploring-an ... enovo.html
Very interesting read.
Makes a mention of it being a possible backdoor planted on purpose?
Interesting Lenovo firmware hack
Sounds like the vulnerability is written differently to the rest of the code - implying that the Lenovo programmers were probably not aware of it or involved in its implementation. Almost sounds as if the article writer is suggesting it happened after the normal programmers went home one night.

The technical nature of this 0-day vulnerability raises an interesting question: is it a backdoor or not? On one side, we have the following suspicious facts:
The vulnerable SMM callback function doesn't look like any other SMM callback function from the same firmware; probably the vulnerable code was written and committed not by the regular Lenovo developers who usually work on System Management Mode.
The vulnerable SMM callback function makes absolutely no sense from an engineering point of view; it can't do anything useful except call an arbitrary function whose address was received from the caller, and there's no sane reason to have such an SMM callback in your firmware code.
On the other side, you should think twice before you start to blame Lenovo for a System Management Mode backdoor in ThinkPad computers; we still don't have enough facts to claim that this issue is an actual backdoor (however, that's the main idea of good backdoors).
Hmmm...
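Added example, written for this thread and not taken from the linked blog post or from any Lenovo firmware: a userland mock of the pattern the quoted text describes (an SMM callback whose only job is to call a caller-supplied address) next to the handler shape a firmware reviewer would expect instead. The hardened version snapshots the request before using it, dispatches only through a fixed table indexed by a bounds-checked command number, and refuses data buffers that overlap SMRAM, including wrapping lengths and ranges that straddle the SMRAM boundary. The SMRAM window, the request layout and the operation names are hypothetical, chosen for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical SMRAM window. These are constructed values for the example,
 * not addresses taken from the firmware discussed in the thread. */
#define SMRAM_BASE 0x7F000000ULL
#define SMRAM_SIZE 0x00800000ULL

/* Constructed request layout that a caller places in the SMM communication
 * buffer before raising an SMI. The 'callback' field models the
 * caller-supplied function address the quoted post describes. */
typedef struct {
    uint32_t command;    /* which operation the caller wants */
    uint64_t callback;   /* code address supplied from outside SMRAM */
    uint64_t data_addr;  /* buffer the operation should read/write */
    uint64_t data_len;
} smm_request_t;

typedef void (*smm_fn_t)(void);

/* The pattern the post calls senseless: the handler does nothing except
 * jump to whatever address the caller wrote into the request. In real
 * firmware that address would execute with SMM privileges. */
static int vulnerable_handler(const smm_request_t *req) {
    ((smm_fn_t)(uintptr_t)req->callback)();
    return 0;
}

/* Overflow-safe check that [addr, addr + len) lies entirely outside SMRAM.
 * Rejects empty and wrapping ranges so a huge 'len' cannot slip past. */
static bool range_outside_smram(uint64_t addr, uint64_t len) {
    uint64_t end = addr + len;                 /* exclusive end */
    if (len == 0 || end < addr) return false;  /* empty or wraps around */
    uint64_t smram_end = SMRAM_BASE + SMRAM_SIZE;
    return end <= SMRAM_BASE || addr >= smram_end;
}

/* Fixed, SMRAM-resident operations. Hypothetical stubs for the example. */
static void op_report_version(const smm_request_t *req) { (void)req; }
static void op_report_status(const smm_request_t *req) { (void)req; }

typedef void (*smm_op_t)(const smm_request_t *);
static const smm_op_t dispatch_table[] = { op_report_version, op_report_status };
#define N_OPS (sizeof dispatch_table / sizeof dispatch_table[0])

/* Hardened handler:
 *  - snapshots the request into SMRAM-local storage so the caller cannot
 *    change it while the handler is running (TOCTOU),
 *  - dispatches only through a fixed table indexed by a bounds-checked
 *    command number, never through a pointer taken from the request,
 *  - refuses any data buffer that overlaps SMRAM.
 * Returns 0 on success, -1 for a bad command, -2 for a bad buffer. */
static int hardened_handler(const smm_request_t *untrusted) {
    smm_request_t req = *untrusted;
    if (req.command >= N_OPS) return -1;
    if (!range_outside_smram(req.data_addr, req.data_len)) return -2;
    /* req.callback is intentionally never dereferenced. */
    dispatch_table[req.command](&req);
    return 0;
}

/* Convenience wrapper: builds a request and runs the hardened handler. */
static int check_request(uint32_t command, uint64_t callback,
                         uint64_t data_addr, uint64_t data_len) {
    smm_request_t req = { command, callback, data_addr, data_len };
    return hardened_handler(&req);
}

static void benign_function(void) { puts("benign_function ran"); }

int main(void) {
    /* The vulnerable handler runs whatever address it is given; here that
     * is a harmless local function, which is the whole point of the bug. */
    smm_request_t r = { 0, (uint64_t)(uintptr_t)benign_function, 0x10000, 0x100 };
    vulnerable_handler(&r);

    printf("valid request         -> %d\n", check_request(0, 0x41414141, 0x10000, 0x100));
    printf("unknown command       -> %d\n", check_request(99, 0, 0x10000, 0x100));
    printf("buffer inside SMRAM   -> %d\n", check_request(1, 0, SMRAM_BASE + 0x10, 0x10));
    printf("buffer straddles edge -> %d\n", check_request(1, 0, SMRAM_BASE - 8, 16));
    printf("wrapping length       -> %d\n", check_request(1, 0, 0xFFFFFFFFFFFFFFF0ULL, 0x20));
    return 0;
}
```

The point of the contrast is that the hardened handler has no code path by which a value from the communication buffer becomes a jump target; the only thing the caller chooses is a small integer that selects from code already inside SMRAM, and every buffer address is range-checked before the operation touches it.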