Dangerous backdoor in Acer laptops [Update]
Many Acer laptops have a dangerous backdoor, which can be used by websites to gain complete control over the laptop. The problem lies with the LunchApp.APlunch ActiveX control, which is installed by default and which heise Security found on all the Acer laptops it tested, including a brand new TravelMate, which happened to be in the c't editorial suite for testing. Visiting a test website, which was easily set up, started the Windows calculator on this system without user interaction.
Since the associated file, LunchApp.ocx, is dated 1998, it can be assumed that it has been supplied on Acer laptops for some time. It is not clear what its original purpose was; LaunchManager is not dependent on this control. Even an Acer rep admitted to heise Security that it looked as if it had simply been forgotten. Removing it does not cause any loss of performance on the system tested.
If the control is installed, the above class ID string will be present in the registry. From Windows XP Service Pack 2 onwards it can also be found as LunchApp.APlunch under "Tools/Internet options/Programs/Manage Add-ons", where it can also be deactivated. Alternatively, you can stop it from launching from Internet Explorer using a killbit and delete or rename the file C:\windows\system\LunchApp.ocx.
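The checks described above can be scripted. The following PowerShell is an added example, not code from the article or from Acer: it looks the class ID up from the ProgID rather than hard-coding it, reports the registered binary, and with `-Apply` sets the Internet Explorer kill bit (the `Compatibility Flags` value 0x400 under `ActiveX Compatibility`). It assumes an elevated prompt.

```powershell
# Added example: audit for the LunchApp.APlunch ActiveX control and optionally
# set its Internet Explorer kill bit. Report-only unless -Apply is given.
param([switch]$Apply)

$progId  = 'LunchApp.APlunch'                 # ProgID named in the article
$ocxPath = 'C:\windows\system\LunchApp.ocx'   # file path given in the article
$killBit = 0x400                              # IE "do not instantiate" flag

# Resolve the class ID from the ProgID registration (default value of ...\CLSID).
$progKey = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\$progId\CLSID" `
                    -ErrorAction SilentlyContinue
$clsid = if ($progKey) { $progKey.GetValue('') } else { $null }

if (-not $clsid) {
    Write-Output "ProgID $progId is not registered on this system."
} else {
    Write-Output "ProgID $progId is registered with class ID $clsid"

    # Show which binary the class ID actually points at.
    $srv = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" `
                    -ErrorAction SilentlyContinue
    if ($srv) { Write-Output "Registered binary: $($srv.GetValue(''))" }

    # Kill bits live per class ID; 64-bit Windows has a second, 32-bit view.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $key   = Join-Path $root $clsid
        $flags = (Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                                   -ErrorAction SilentlyContinue).'Compatibility Flags'
        $set   = ([int]$flags -band $killBit) -ne 0
        Write-Output "Kill bit under ${root}: $set"

        if ($Apply -and -not $set) {
            if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
            # Preserve any existing flags and add the kill bit.
            Set-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                             -Value ([int]$flags -bor $killBit) -Type DWord
            Write-Output "Kill bit set under $root"
        }
    }
}

# The file can remain on disk even when the registration is gone.
if (Test-Path -LiteralPath $ocxPath) { Write-Output "File present: $ocxPath" }
else { Write-Output "File not found: $ocxPath" }
```

The kill bit only stops Internet Explorer from instantiating the control; deleting or renaming the file, as described above, is still needed to remove it.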
The problem was reported by Tan Chew Keong back in November. Acer have confirmed to heise Security that they are working on a patch and have modified their production procedures from the second half of December. Systems currently in the warehouse may well, therefore, be affected. Acer intends to publish an official response in the next few days and to make a patch available to its customers.
Acer has since made an official security patch available to remedy this problem.
- About Acer Notebook LunchApp.APlunch ActiveX Control by Tan Chew Keong