Lenovo Help Mobile App Transmits Information Over HTTP - Lenovo Support US

Lenovo Security Advisory: LEN-20475

**Potential Impact:**Exposure of user-identifiable information

Severity: High

Scope of Impact: Lenovo-specific

CVE Identifier: CVE-2017-3776

Summary Description:

The Lenovo Help Android app assists users with support for Lenovo devices. This requires transmitting various user-specific information to Lenovo servers, such as device IDs and e-mail address, to get the right information to customers. Earlier versions of the app transmitted this information over an HTTP channel, permitting others observing the channel to potentially see this information.

Mitigation Strategy for Customers (what you should do to protect yourself):

Update the Lenovo Help app to version 6.1.2.0327 or later available in the Google Play app store.

Acknowledgement:

Lenovo thanks Roman Unuchek, Senior Malware Analyst, Kaspersky Lab for reporting this issue.

References:

<https://play.google.com/store/apps/details?id=com.lenovo.serviceit&gt;

For a complete list of all Lenovo Product Security Advisories, click here.

Revision History:

Revision

|

Date

|

Description

—|—|—

1

|

2018-04-17

|

First published

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on as “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.