Lenovo, one of the world’s largest laptop makers, has shocked the world recently in a very unpleasant way: it was caught pre-installing the “Superfish” malware on its brand new laptops.
I almost didn’t believe it at first, are we talking about the same brand? Sadly, we are. In a rush to make a few extra bucks, the company took a really bold move and bundled adware with its laptops.
The adware performs a sort of Man-in-the-Middle attack that intercepts the traffic and inserts advertisements that are injected into search results and websites. The adware seems to only intercept the traffic on Google Chrome and the Internet Explorer. Mozilla Firefox doesn’t seem to be affected. The reason behind this appears to be that Firefox uses it’s own certificates.
Robert Graham, the CEO of Errata Security, has written an excellent post on how he managed to extract the certificate from the Superfish adware and subsequently crack the password that encrypted it. Graham explained that the malware hijacks and opens encrypted connections, which would be exploited and used as a spyware. “The consequence is that I can intercept the encrypted communications of SuperFish’s victims (people with Lenovo laptops) while hanging out near them at a cafe wifi hotspot. Note: this is probably trafficking in illegal access devices under the proposed revisions to the CFAA, so get it now before they change the law.”
In response to this fiasco, Lenovo has issued the following statement:
“We have temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues. As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues.”
What is concerning about this situation is that from that statement, it appears that Lenovo will eventually bring the Superfish back.
The fact that Lenovo pulled this on its paying customers is a sign that the company no longer puts its customers first, profit is what guides its steps and brands like this are to be avoided.
Original article can be found here.