Product Security

In designing our products and services, Acer strives to comply with the highest safety standards. To protect our customers and their data more thoroughly, we welcome security researchers, academic staff, and others from the security community to report any information they may have about potential security vulnerabilities. We work with those who raise major security vulnerabilities and confirm all relevant reports.

We work with partners, industry, and the security community to resolve vulnerabilities. When notified of a suspected vulnerability, we conduct a thorough investigation and, if confirmed, work with the person who submitted the issue to remedy it, while also coordinating the public release of the information. Generally speaking, security vulnerabilities mostly arise from independent hardware vendors (IHVs) such as Intel, AMD, and Nvidia, or from Microsoft operating systems and applications. Upon receiving reports, Acer will provide consumers with ways to patch vulnerabilities. Our website at community.acer.com also provides us with various ways to respond to information security weaknesses. For example, researchers identified a vulnerability in the Baseboard Management Controller (BMC) that could be exploited by attackers to accomplish remote code execution. Acer works closely with suppliers to limit risk through security best practices and restricted privileges, and updates the BMC and CMC firmware to address BMC firmware vulnerabilities affecting certain products.

Acer uses only the latest software versions available on our website to verify reproducible vulnerabilities. In 2021, through this website we received 45 vulnerabilities related to Acer websites or software, of which four were confirmed to be genuine and fixed immediately. In addition, we have also published information and solutions on our website in response to Intel’s announced security vulnerability. 

Acer is committed to ensuring that our products are protected against attacks throughout the supply chain life cycle, from parts procurement and manufacturing to transportation, service, and recycling. We require all suppliers to comply with the requirements to reduce the risk of counterfeiting, malware, and tampering.

Acer strives to create the safest designs for users, including but not limited to the following measures:

  • Hardware 
    In terms of hardware design, we employ the Trusted Platform Module (TPM) 2.0 standard, an international standard for a secure cryptoprocessor that can reduce the risk of hackers trying to seize passwords and encryption keys for sensitive data; Kensington locks, which can physically protect data by making machines difficult to steal; a selection of security screws for desktop computers, preventing users from easily opening cases and stealing internal parts; and System Health Indicators for desktop computers, which will flash a red indicator on the power button immediately upon the detection of an abnormality to alert the user and remind them to carry out proper inspections of the system. If the user cannot access the system, they can also enter the system indicator status in the Acer Control Center and BIOS. 
     
  • Software
    In terms of software, 2021’s Acer ProShield Plus provides a secure personal storage area and file encryption and destruction. Users can set up alerts to record invalid logins, and the system will also send e-mail alerts. Once access is disabled, the user will be regarded as an intruder and their image recorded by camera and logged in the security report. Users can set the protection status for each browser (Edge, Chrome, Firefox), and once Windows Hello authentication fails, the user’s data (bookmarks, accounts, passwords) will be locked. On the software side we continue to work to protect customer information with Acer Control Center and Acer Care Center, which enable users to connect to the Acer support infrastructure for all their support needs, including a full range of services, inspections, and updates to ensure equipment is up-to-date and running smoothly; Acer Office Manager (AOM) enables offices without dedicated IT staff to directly and effectively control and maintain the computers of various users across the company, as well as to monitor devices and platforms throughout the enterprise ecosystem; Norton Antivirus can detect potential threats and remove them; and, for desktop computers, there is a USB Device Filter that can set USB restrictions applied to company staff based on the needs of the particular company: read-only, mice/keyboards only, or no restrictions at all.
     
  • Firmware 
    Hard drives can be password-protected, preventing unauthorized access to user drives, while OPAL provides even stricter protection.