Wednesday, July 31, 2024

Firmware problem on many newer ThinkPads

Many dealers in the Philippines are not aware of this problem or don't care enough to keep themselves informed, this problem is from 2019 up until 2024.


If you have stock of these models you better read on. You need to update the firmware immediately, if you have not already done it.


Or you will end up with systems that can't be repaired and Lenovo don't care about out of warranty laptops. You should also contact all the customers that you sold these models to and make sure the Firmware get updated or you might end up with a lot of angry people who want refund! 


Symptom

Systems may experience any of the following symptoms:


USB-C port not working

Intel Thunderbolt controller not visible in the OS/Device Manager

USB-C or Thunderbolt docking stations not visible or having connectivity problems

HDMI output not available

System battery not charging with a USB-C power adapter connected to the USB-C port

Intel Thunderbolt pop-up error message

Intel Thunderbolt safe mode error message

BIOS Thunderbolt communication error or hang during POST

These symptoms may occur after 6 to 12 months of typical usage.


Applicable Systems

P43s (Type 20RH, 20RJ)

P51 (Type 20MM, 20MN)

P51 (Type 20HH, 20HJ)

P51s (Type 20HB, 20HC)

P51s (Type 20JY, 20K0)

P52 (Type 20M9, 20MA)

P52s (Type 20LB, 20LC)

P53s (Type 20N6, 20N7)

P71 (type 20HK, 20HL)

T470 (Type 20HD, 20HE)

T470 (Type 20JM, 20JN)

T470s (type 20HF, 20HG)

T470s (type 20JS, 20JT)

T480 (Type 20L5, 20L6)

T480s (type 20L7, 20L8)

T490 (Type 20N2, 20N3)

T490 (Type 20RY, 20RX)

T490 (Type 20Q9, 20QH)

T490s (Type 20NX, 20NY)

T570 (Type 20H9,20HA)

T570 (Type 20JW, 20JX)

T580 (Type 20L9, 20LA)

T590 (Type 20N4, 20N5)

X1 Carbon 5th Gen - (Type 20HR, 20HQ)

X1 Carbon 6th Gen - (Type 20KH, 20KG)

X1 Carbon 7th Gen - (Type 20QD, 20QE)

X1 Carbon 7th Gen - (Type 20R1, 20R2)

X1 Yoga 2nd Gen (Type 20JD, 20JE, 20JF, 20JG)

X1 Yoga 3rd Gen (Type 20LD, 20LE, 20LF, 20LG)

X1 Yoga 4th Gen (Type 20QF, 20QG)

X1 Yoga 4th Gen (Type 20SA, 20SB)

X1 Tablet 3rd Gen (Type 20KJ, 20KK)

X280 (Type 20KF, 20KE)

X380 Yoga (Type 20LH, 20LJ)

X390 (Type 20Q0, 20Q1)

X390 Yoga (Type 20NN, 20NQ)

Yoga 370 (Type 20JJ, 20JH)


https://support.lenovo.com/ie/en/solutions/ht508988-critical-intel-thunderbolt-software-and-firmware-updates-thinkpad



Thursday, July 25, 2024

Converge Security issues - Protect yourself from intruders!

Converge ICT, one of the Major ISP's in the Philippines, has shipped ALL their Fiber ZTE F760L Modem Routers, with serious Security issues, they are listed here and below each issue, is the solution :

1. All the ZTE F760L modems come with a standard Setup password, the same on ALL the modems, and someone in Converge ICT has leaked this password to the internet, so anyone can access the modems and change whatever they want. 

This is really bad, and happened because Converge ICT careless IT Department cloned all the modems with the same Config file, and didn't bother to assign individual Password linked to each modems serial number, before shipping them out. I raised this issue with them 2 years ago, but nothing has been done to rectify the situation, they just ignored it(as usual). I have raised it with them again, but still nothing has been done. 

Solution : Access the modem on http://192.168.1.1 with 

Username admin 

Password Converge@zte123 

Go to Administration -> User User Management ->WEB User Management

Type in the standard password from Converge ICT in Old Password Converge@zte123 

Then type your New password make sure it is at least 8 characters long and has special signs. I would make it longer than 8 characters, as AI now can hack your password, since some Dumbasses carelessly made it available to anyone in the world(Google, Microsoft). 

Confirm the New password 

Click on SUBMIT in bottom right corner of the Setup screen. 

You have now saved yourself from serious future headaches. 




2. The WIFI password is written on the back of the modem, this again pose a serious Security issue, because anyone who can see the back of the modem, can access it through WIFI. 

Solution : You have to change the standard password to one of your own. 

Login into the modem on 5Ghz, as you did above, then go to Network -> WLAN Radio2.4G- > Security

Here you click the small check box next to WPA Passphrase, delete what is there and type your own WIFI password, make it longer than 8 characters and use special signs, when finished Click on SUBMIT in the bottom right corner of the screen. 

Make sure to login to 2.4Ghz with this new password and make sure to write it down. 

Next, Login into the modem on 2.4Ghz, as you did above, then go to Network -> WLAN Radio5G- > Security

Here you click the small check box next to WPA Passphrase, delete what is there and type your own WIFI password(For convenience you can use the same password as you did with the 2.4Ghz WIFI, or make a different one), make it longer than 8 characters and use special signs, when finished Click on SUBMIT in the bottom right corner of the screen. 

Make sure to login to 5Ghz with this new password and make sure to write it down. 



3. There is another security issue, Converge ICT set the modem to be able to accept any login through WIFI, all you need is the password, this is ok but this modem is not secure enough and anyone with a Password scanner app can get the Password to your WIFI, then use your internet for whatever they want, even illegal activities. Converge is aware of this, because I told them, they just don't care to fix it! 

NOTE : Be aware, the following fix means that nobody can access your WIFI unless you add them yourself! Just do the same as below, for anyone you want to add to your WIFI. 

Solution : Find your phones MAC Address either in your settings or on the Box it came in, write it down as you will need it next. Also make sure your phone is set to use Device MAC Address and not Randomized MAC Address. 

Login to your WIFI as 5Ghz, go to Network -> WLAN Radio2.4G -> Access Control List and change the Mode from Disabled to Permit.

In the small boxes below add your MAC Address and click on Add, then click on SUBMIT. Make sure you can connect to the 2.4Ghz WIFI and then continue to next step. 

If you can't connect, make sure your MAC Address is correct in the list below, if not then add the correct MAC Address and delete the wrong one. 

Now login to the 2.4Ghz WIFI, go to Network -> WLAN Radio5G -> Access Control List and change the Mode from Disabled to Permit.

In the small boxes below add your MAC Address and click on Add, then click on SUBMIT. Make sure you can connect to the 5Ghz WIFI. 

NOTE : If your Phone has different MAC Addresses for 2.4Ghz and 5Ghz, make sure to use the correct ones. Most cheap phones only have 1 MAC Address. 


4. Converge ICT left the modem open to hackers, by not enabling Anti-Hacking Protection, I seriously don't understand this one, it means that anyone can hack your modem. A friend of mine has 21 unwanted users on his WIFI, I will be going there to fix that in the near future. 

Solution : Go to Security -> Firewall and put a check in Enable Anti-Hacking Protection, then click on SUBMIT. 



This what you can expect from Converge ICT, I can't recommend anyone to chose them as their ISP, their service level is good in the start, but after some time its really bad. 

If you have issue with your connection, you might have to contact them 20 times before they fix it - IF they fix it - I am 3 months in a service, or lack of, that should have been fixed on April 23(they came April 28), my Fiber cable has a break that show up in strong wind, and only strong wind, so it can't be detected in their office or on the modem, because its Random and only for a few seconds to minutes. But it break any up/download! Support never read what I write, always assign new case numbers, and every new Agent have me do stupid shit to troubleshoot, which I have done 20 times before. 


Stay safe and have a nice day😉