Connect with us

Hi, what are you looking for?

Tech & Science

Lenovo secretly installed Superfish adware on new computers

Ars Technica reports the Chinese multinational is selling computers with pre-installed adware that hijacks encrypted web sessions and leaves users vulnerable to HTTPS man-in-the-middle attacks—in which an attacker to have the ability to both monitor and alter or inject messages into a communication channel—that are easy for attackers to carry out.

Made by a company called Superfish, the adware is essentially an Internet browser add-on that inserts advertisements on websites visited by users. The ads pop up when users hover over certain images on a website. This has been reported by users of Microsoft Internet Explorer and Google Chrome.

The add-on is a serious threat that takes up computer space and, more importantly, undermines important security protocols.

Lenovo identified 43 of its models that were affected by the malware, including some of its Flex, E-, G-, S-, U-, Y- and Z-series laptops and several Miix and Yoga tablets.

“This is exactly what bad guys do with trojans and other malicious software to trick users to access fake sites to surveil/monitor private communications,” Kevin Bocek, an executive at cybersecurity company Venafi, told CNN Money.

Lenovo faced tough questions about why and for how long it had installed the malware on its computers, and what data was collected.

“Superfish was previously included on some consumer notebook products shipped in a short window between September and December to help customers potentially discover interesting products while shopping,” Lenovo said in a statement. “However, user feedback was not positive, and we responded quickly and decisively.”

The company said it has taken the following three steps:

-Superfish has completely disabled server side interactions (since January) on all Lenovo products so that the product is no longer active. This disables Superfish for all products in market.

-Lenovo stopped preloading the software in January.

-We will not preload this software in the future.

The San Francisco-based digital rights group Electronic Frontier Foundation (EFF) has published instructions on how owners of Lenovo computers can remove Superfish.

Written By

You may also like:

Tech & Science

Radiolab focuses on investigative journalism into science, tech and even legal history. Continuing with over 200 episodes.

Business

The report details the output from AI systems used to identify critical trends shaping the future of AML and financial crime prevention.

World

A couple looks out at the southern lights on the outskirts of Christchurch in New Zealand - Copyright AFP Sanka VidanagamaDaniel LawlerScientist Jim Wild...

World

Nobel Peace Prize winner Nihon Hidankyo is a group of survivors of the US nuclear bombings of the Japanese cities of Hiroshima and Nagasaki.