SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
23 Feb 2015

Lenovo is accused of installing adware on new PCs

Lenovo, the largest PC manufacturer in the world, has been accused of fatally compromising user security by installing an adware application on all its Windows computers as they leave the factory.

The software, called Superfish, purports to offer users a “visual search” experience. In actual fact, it injects third-party advertisements into Google search results and websites, without asking the user.

In order to place adverts on websites served to the user over an encrypted connection, as Google does by default, Lenovo owners report that Superfish software also breaks the security that every computer uses to access the internet privately. Even if the user removes the adware from their computer, the artificial security hole stays active. It leaves any Lenovo user permanently open to a “man in the middle” attack any time they use a public Wi-Fi network, letting an eavesdropper read users’ web browsing at will.

A representative for the company posted on its forums to confirm that it had stopped installing Superfish by default on new computers, “until such time as Superfish is able to provide a software build that addresses these issues.” “To be clear, Superfish comes with Lenovo consumer products only and is a technology that helps users find and discover products visually,” the representative continued. “The technology instantly analyses images on the web and presents identical and similar product offers that may have lower prices, helping users search for images without knowing exactly what an item is called or how to describe it in a typical text-based search engine.”

Users had been complaining about Superfish on Lenovo’s forums since September 2014, but it took until late January for the Chinese firm, which leads the PC market in terms of units sold, to respond. In the fourth quarter of 2014 alone, the company sold 16m PCs, including the hugely popular ThinkPad range, which it bought from IBM in 2005.


But users report that even if they decline the licence agreement, the software remains installed and even if the software is uninstalled, the security hole it opens up remains active. “When using Superfish for the first time, the user is presented the Terms of User [sic] and Privacy Policy, and has the option not to accept these terms, ie Superfish is then disabled.”

Lenovo said in a message: “Lenovo removed Superfish from the preloads of new consumer systems in January 2015. At the same time Superfish disabled existing Lenovo machines in market from activating Superfish. Superfish was preloaded onto a select number of consumer models only. Lenovo is thoroughly investigating all and any new concerns raised regarding Superfish.”

New root certificate

In order to put adverts in encrypted pages, Superfish installs a “root certificate” on users’ computers. Typically, when a user visits an encrypted page over an HTTPS connection, like an e-commerce or banking website, their computer uses the certificate of the page they’re viewing to encrypt the connection, hiding it from eavesdroppers. In order to check that the site’s certificate is valid, the computer looks to see whether it is verified by one of a few trusted “certificate authorities”, large security companies such as Symantec or Comodo.

But the new certificate installed on Lenovo computers by Superfish lets the company replace the website’s security with its own, so that it can insert adverts and pop-ups in the user’s browsing. The private key of the certificate has already been extracted from a compromised computer. Security researcher Robert Graham managed to retrieve the information less than a day after the news broke. The key was protected with the password “komodia”, the name of a company which provides SSL hijacking software.

The information extracted by Graham can now be used to break the security on every compromised Lenovo computer. This leaves infected users essentially open to any eavesdropping if they are using the net on a public Wi-Fi network, and also enables future malware authors to convince Lenovo owners that their software is produced by a trusted vendor, such as Microsoft.

Rik Ferguson, head of security research at Trend Micro, said that “it is quite simply unacceptable to surreptitiously and without consent undermine the basic security of HTTPS by employing man-in-the-middle techniques, or any other techniques for that matter.” Chris Boyd, Malware Intelligence Analyst at Malwarebytes, recommended that “in this particular case, anybody affected should uninstall the Superfish software then type certmgr.msc into their Windows search bar – from there, they can find and remove the related root certificate.”
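To find the root certificate that needs removing, the trusted store can be audited by name. The following is an added example, not code from the article or from Badfish: it scans the CA certificates the operating system trusts for subjects or issuers naming Superfish or Komodia. The function names and the sample store entries are assumptions constructed for illustration.

```python
import ssl

# Names taken from the article: the adware vendor and the SSL-interception firm.
WATCHLIST = ("superfish", "komodia")

def _flatten(name):
    """Flatten the ssl module's nested RDN tuples into (key, value) pairs."""
    return [(key, value) for rdn in name for key, value in rdn]

def flag_suspect_roots(ca_certs, watchlist=WATCHLIST):
    """Report trusted CAs whose subject or issuer names a watched vendor.

    ca_certs uses the dict format returned by ssl.SSLContext.get_ca_certs().
    """
    findings = []
    for cert in ca_certs:
        subject = _flatten(cert.get("subject", ()))
        issuer = _flatten(cert.get("issuer", ()))
        hits = sorted({term for _, value in subject + issuer
                       for term in watchlist if term in value.lower()})
        if hits:
            findings.append({
                "subject": ", ".join(f"{k}={v}" for k, v in subject),
                "serial": cert.get("serialNumber", ""),
                "self_signed": subject == issuer,
                "matched": hits,
            })
    return findings

def system_roots():
    """CA certificates the OS trusts (on Windows: the system ROOT and CA stores)."""
    return ssl.create_default_context().get_ca_certs()

# Constructed sample entries in get_ca_certs() format, not real certificate data.
def _name(org):
    return ((("organizationName", org),), (("commonName", org),))

SAMPLE_STORE = [
    {"subject": _name("Example Trust Services"),
     "issuer": _name("Example Trust Services"), "serialNumber": "01"},
    {"subject": _name("Superfish, Inc."),
     "issuer": _name("Superfish, Inc."), "serialNumber": "02"},
]

if __name__ == "__main__":
    for finding in flag_suspect_roots(system_roots()):
        print("Suspect trusted root:", finding)
```

A name match only catches roots that carry these names, so an empty result is not proof that no interception certificate is installed.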

Users can check whether they are affected by using Badfish, a tool built by coder Filippo Valsorda. Superfish has not responded to requests for comment. While it’s easy to call an ad that redirects to malware a malicious one, it is often hard to differentiate between fraudulent and legitimate online ads. There are some tips on how to protect personal information from malicious or fraudulent ads.

Tags:
Lenovo China information leaks malvertising Superfish
Source:
The Guardian