Skip to main content

Security researchers find several high-risk bloatware bugs on popular laptops

Laptops made by five of the world’s biggest computer manufacturers are vulnerable to dangerous hacking thanks to flawed pre-installed software.

Security firm Duo Security has today published a new report from its Duo Labs division into pre-installed software, or bloatware, on laptops made by HP, Dell, Lenovo, Asus, and Acer. The security issues found with these original equipment manufacturers (OEMs) are mostly rooted in buggy updater software for pre-installed programs.

Recommended Videos

The full report found that none of the vendors took proper care in delivering software updates via a secure HTTPS line. This made it easier for would-be attackers to intercept traffic, gain access to users’ systems, and even take over computers. For example, in the report, Duo Labs stated that HP and Dell “often transmitted” files over HTTPS but Asus and Acer did not.

OEM-vendor-issues
Image used with permission by copyright holder

In the study, the researchers found a number of other security flaws specific to each OEM that could lead to arbitrary code execution, permitting the takeover of a computer.

HP had two such vulnerabilities, which Duo Labs dubbed high risk, as well five medium-to-low-risk flaws. Asus and Lenovo had one high-risk bug each and Acer had two. Dell on the other was found to have one high-risk certificate flaw.

In the case of Asus, the researchers claimed that they were able to take over a computer manufactured by the company in less than 10 minutes.

According to the Duo Labs researchers, by allowing a range of pre-installed software onto their systems before they ship, OEMs struggle to double-check the security of each little piece of software.

Before publishing its research today, Duo Labs contacted or attempted to contact the five companies involved. The research was conducted between October 2015 and April of this year.

“Updaters are an obvious target for a network attacker, this is a no-brainer. There have been plenty of attacks published against updaters and package management tools in the past, so we can expect OEM’s to learn from this, right?” the researchers said.

HP and Lenovo responded well to their concerns, they said, by patching the flaws promptly and with the latter removing the software outright. Dell did its due diligence too, they added. Asus and Acer on the other hand have not sufficiently addressed the problems, according to the firm.

Finally, theresearchers warn users to be more skeptical of laptops after they purchase them. “Wipe any OEM system, and reinstall a clean and bloatware-free copy of Windows before the system is used,” they wrote in their conclusion.

Jonathan Keane
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
The new Reachy Mini robot can let kids turn play into innovation
The Reachy Mini robot.

The Reachy Mini is an exciting new desktop robot aimed primarily at developers, educators, students, and enthusiasts, or basically anyone interested in creative coding.

There are actually two of them -- Reachy Mini Lite ($299) and Reachy Mini Wireless ($449) -- and both were developed by the prominent AI platform Hugging Face following its recent acquisition of Pollen Robotics. 

Read more
If you’re itching for an HP OMEN MAX gaming laptop, this deal will save you $500
The HP Omen Max gaming laptop with Valorant on the screen.

We've recently published a stunningly positive review of the HP OMEN Max 16. It's got a list of "Pros" a mile long. The single, obligatory con is "Thick and heavy." Considering that it's a gaming laptop, that's practically the equivalent of saying a flashlight is too bright to look at. Thick, and a bit heavy, just comes with the territory. All of this is to say that the review was great and we're fans of the HP OMEN Max 16. As a deal hunter it made me want to go and see if I could find a deal on the HP OMEN Max 16 and I did, sort of. Right now you can get a customizable HP OMEN Max 16t — a laptop that, if it didn't have a separate store page, I would think is identical to the one we reviewed — with a $500 discount, no matter what settings you choose. With the base settings of the laptop, that discount brings it from $2,100 to just $1,600, but you're free to upgrade to your heart's content. Tap the button below to start customizing to your whimsy or keep reading for some advice on how to do so and what to expect from the 16t.

Buy Now

Read more
Google’s AI agent ‘Big Sleep’ just stopped a cyberattack before it started
Sundar Pichai

Google's AI agent, dubbed Big Sleep, has achieved a cybersecurity milestone by detecting and blocking an imminent exploit in the wild—marking the first time an AI has proactively foiled a cyber threat. Developed by Google DeepMind and Project Zero, Big Sleep identified a critical vulnerability in SQLite (CVE-2025-6965), an open-source database engine, that was on the verge of being exploited by malicious actors, allowing Google to patch it before damage occurred. “We believe this is the first time an AI agent has been used to directly foil efforts to exploit a vulnerability in the wild,” the company said.

Why it matters: As cyberattacks surge—costing businesses trillions annually—this breakthrough shifts defense from reactive patching to AI-driven prediction and prevention. It gives security teams a powerful new tool to stay ahead of hackers, potentially saving devices and data worldwide. CEO Sundar Pichai called it "a first for an AI agent—definitely not the last" according to Live Mint.

Read more