The journey to remediating a Lenovo vulnerability that left 36TB of data exposed
Best Practices in Identifying and Remediating Vulnerabilities
Written by: Vertical Structure on Oct 01, 2019
In the past decade, we have all seen dozens of tech giants fall victim to devastating data breaches and crippling vulnerabilities, with cyberattacks becoming the fastest-growing crime in the U.S. In WhiteHat’s 2018 Application Security Statistics Report, it was discovered:
This data underlines how every organization can be affected by an outside adversary or data leak even with security barriers in place.
In this article, we’ll take a closer look at how research partners Vertical Structure and WhiteHat Security worked together to identify and verify a vulnerability, and then notify and work with the vendor to quickly and effectively remediate the issue and protect customers.
In the fall of 2018, during a search on Shodan.io, software designed to monitor network security, a Vertical Structure employee discovered a pattern of unmarked files that looked out of place. After some investigating, the researcher found external hard drives that would leak information through specially crafted requests via an API but not through their web interface. Initial estimates showed that many terabytes of data were exposed.
While Google had already indexed a number of these devices, Vertical Structure decided to investigate a bit further to find out what kind of information was being compromised.
Vertical Structure was able to find about 13,000 spreadsheet files indexed, with 36 terabytes of data available. The number of files in the index from scanning totalled 3,030,106. Among these were a significant number of files with sensitive financial information, including card numbers and financial records. Vertical Structure was able to track down the source, a legacy Iomega storage product acquired by EMC and co-branded Lenovo-EMC in a joint venture.
After discovering the compromised Lenovo device, Vertical Structure contacted WhiteHat Security, because of its world-renowned reputation in helping secure applications, so the two could work together to verify the vulnerability found.
Verifying vulnerabilities is a very important step in securing applications, networks and devices. After all, on an average day, WhiteHat scanners discover hundreds upon hundreds of new potential vulnerabilities. In order to protect organizations from a constant barrage of false positives, each and every one of the potential vulnerabilities is carefully assessed and verified by WhiteHat’s team of application security engineers at its Threat Research Center (TRC).
Once Vertical Structure contacted WhiteHat, the company did an initial investigation to verify the information found was indeed an issue. After using the combination of WhiteHat’s machine learning-powered scanners and TRC, WhiteHat was able to confirm with Vertical Structure that the vulnerability was valid.
Alerting Lenovo and remediating the issue
The next step in Vertical Structure and WhiteHat’s process was alerting Lenovo of the problem.
Once Lenovo confirmed there was an issue, the company quickly took action:
Lenovo’s professional approach to vulnerability disclosure offers a good lesson for other organizations that experience similar challenges. Not only did they have a clearly stated vulnerability disclosure policy on their site with contact information, but they also responded quickly and worked with WhiteHat and Vertical Structure to understand the nature of the problem and resolve it.
In sharing this story, both WhiteHat and Vertical Structure hope companies are inspired to always keep cybersecurity top of mind to keep up with the constant barrage of new vulnerabilities and exposures.
Further details about the vulnerability and Lenovo's resolution are available at Lenovo's Website.