Security Breach: The Lowdown on Lenovo and Superfish

Security Breach: The Lowdown on Lenovo and Superfish

While Lenovo’s mobile phones seem to be doing fine, its laptops are currently under the Internet’s unforgiving scrutiny as it was revealed that a virus-like software called Superfish comes preinstalled in thousands of units.

Although some call it adware, Superfish suspiciously acts like spyware. It’s buried deep in Lenovo’s operating system that it becomes virtually undetectable by anti-virus programs. Superfish comes from an Israeli company of the same name, and it scans through websites a user sifts through in order to push the right kinds of ads. While this sounds only mildly annoying, Superfish’s access to user data can take a turn for the worse, as according to Forbes, it could “be used to intercept people’s traffic and be abused for more surreptitious means”. That comprises of encrypted and non-encrypted traffic, which includes personal information and passwords.

What’s more worrisome is that Superfish has the ability to decide which encrypted communications are legit, and for anyone who knows how to extract the software’s private key used to sign its certificate, it’s fairly easy to gain access to anyone’s personal information over free public Wi-Fi.

According to Lenovo, Superfish has only been included in some notebooks that have been shipped between September and December for online shopping purposes. However, as the news exploded all over the Internet, Lenovo has yesterday released a tool that can remove the software.

In a statement, Lenovo says:

“We ordered Superfish preloads to stop and had server connections shut down in January based on user complaints about the experience. However, we did not know about this potential security vulnerability until yesterday. Now we are focused on fixing it.”

How to Detect Superfish

If you have a Lenovo laptop, here’s what you can do to check if you’re running Superfish.

  • Open the Control Panel
  • Search for “certificates”
  • You’ll see Administrative tools and an option to “manage computer certificates”. Click on “Trusted Root Certification Authorities” followed by “Certificates”.
  • A list of certificates will appear, and if Superfish Inc. is included, download this fix.

Microsoft’s Windows Defender has also been working to search and remove the software, and has been helping with restoring proper certificates within the Windows system.

Sources: Lenovo Newsroom, Forbes, IBN Live, New York Times, The Register

Photo by Jakub Krechowicz via Free Images

Facebook Comments