Lenovo recently acknowledged a major security vulnerability (CVE-2019-6160) and categorized it as a high severity exploit. This vulnerability existed in the storage devices attached to the network.
Unfortunately, the exploit ended up exposing the data of thousands of users with Lenovo-EMC storage devices. The security researchers who studied the impact revealed that the security flaw resulted in data leaks of 36TB.
A Vertical Structure report stated that the 36TB data was stored in around 13,000 spreadsheet files.
The researchers used a search engine for Internet-connected devices named Shodan to discover the data leaks. Further studies revealed that approximately 3,030,106 files were in the index.
These files contained a huge amount of sensitive financial details such as financial details and credit card information.
Lenovo quickly released the patch
The large impact of this security exploit forced Lenovo to issue an advisory. The hardware manufacturer confirmed that this is a firmware security flaw that can cause data leaks.
Some storage devices allow unauthorized users to access your private files. The attackers can easily find vulnerable devices and penetrate into the data stored on those devices.
The investigations further unfolded the fact that the number of affected LenovoEMC NAS or Iomega devices is more than 5,114.
Notably, most of these affected devices reached their end-of-life deadline. It means that Lenovo is no longer providing official support to the users.
Install the latest firmware updates now
A team from the WhiteHat Application Security Platform verified the findings and informed Lenovo about the vulnerability. Lenovo was quick to respond to the matter and pulled back the affected outdated versions.
The company also released a corresponding patch. The prompt response was crucial so that customers can continue to use Lenovo storage devices.
Lenovo recommended the owners of the affected devices to download and install the latest firmware update. As a precautionary measure, you should not use your storage devices on untrusted internet networks.
Experts appreciated Lenovo for taking necessary measures. They believe that other companies should follow the suit.