Superfish Adware Put Lenovo Users at Risk

Per an article by ArsTechnica last week, Lenovo is selling computers with adware preinstalled that hijacks encrypted web sessions, making users vulnerable to HTTPS man-in-the-middle attacks.

The adware comes from a company called Superfish, designed to inject ads into web pages. But it is more nefarious than that. The software literally acts as a middle man, standing between you and the sites you visit. It does this by installing a self-signed root certificate authority (CA) into your browser that can intercept traffic for every HTTPS website you visit, allowing an attacker to spoof websites you log into.

According to a statement by Lenovo, the software was only installed on machines that shipped between September and December of last year and was removed in January. The statement also mentions that Superfish has disabled server side interaction since January, so that the product is no longer active.

This issue with Superfish was overlooked until last week. This week, Microsoft updated Windows to remove the Superfish software (learn more in the article below: “Microsoft Security Updates for February”). Lenovo has also issued a tool that removes the software.

This test will tell you if you have a problem with Superfish.

Read the Superfish story in the news.

Read the US-CERT alert.


About MIT
IT Security Awareness Consultant and Communications Specialist at MIT

Comments are closed.

%d bloggers like this: