Superfish adware could expose your secure web traffic to hackers
It has recently come to light that the computer manufacturer Lenovo has been shipping laptop computers since September 2014 that are intentionally preloaded with a form of adware that not only serves the user intrusive ads during searches, but dangerously compromises the security of their web browsing sessions. Anyone who has purchased a Lenovo laptop during this time should follow the steps outlined in this article to determine if they are affected by the security breach.
The source of the problem is a piece of software known as Superfish, which injects product recommendations into users' shopping queries. Such intrusive behavior would be bad enough, but it does so by installing a self-signed root certificate on the system and re-signing all HTTPS traffic with this fraudulent certificate in order to inject ads into encrypted sites without the underlying browser detecting the hack. Essentially, Superfish acts as a “man-in-the-middle” between a user and any secure site they access, such as an online bank, substituting its own phony certificate for the bank's and potentially exposing the user's data to hackers and identity thieves.
Worst of all, all the Superfish certificates appear to be signed with a single weak encryption key, rather than unique keys for each user. This key has since been broken, thus potentially exposing ALL affected Lenovo laptops to attack and surveillance. Class action lawsuits have already been launched against Lenovo over the matter.
There is some good news. Windows Defender has already been updated to remove the offending software and its root certificate. You can find out if your system is impacted by the Superfish vulnerability by visiting https://lastpass.com/superfish/.
You can also remove the certificate manually: use Windows search to open certmgr.msc, browse to the Trusted Root Certification Authorities folder, and delete the certificate for Superfish Inc.
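The same check as the certmgr.msc steps above, as an added PowerShell example that is not part of the original article: it lists any certificate in the Windows trusted root stores whose subject or issuer contains "Superfish" and deletes it only when $Remove is set to $true. Matching on the name "Superfish" is an assumption based on the certificate name given above; the variable names are illustrative.

```powershell
# Added example (not from the original article): audit the Windows trusted
# root stores for a Superfish root certificate and optionally remove it.
# Assumption: the certificate carries "Superfish" in its Subject or Issuer,
# matching the "Superfish Inc." entry described in the article.

$Remove = $false   # set to $true to delete matches; LocalMachine needs an elevated prompt

# LocalMachine is listed first: the CurrentUser view also shows machine-wide
# roots, so removing the machine copy first avoids a failed second delete.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$found = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match 'Superfish' -or $_.Issuer -match 'Superfish' } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                Path       = $_.PSPath
            }
        }
}

if (-not $found) {
    Write-Output 'No Superfish certificate found in the trusted root stores.'
}
else {
    # Show what was found before touching anything.
    $found | Format-Table Store, Subject, Thumbprint, NotAfter -AutoSize | Out-Host

    if ($Remove) {
        foreach ($cert in $found) {
            # Skip entries that disappeared when the machine-wide copy was removed.
            if (Test-Path -LiteralPath $cert.Path) {
                Remove-Item -LiteralPath $cert.Path -ErrorAction Stop
                Write-Output "Removed $($cert.Thumbprint) from $($cert.Store)"
            }
        }
    }
}
```

Run it once with $Remove left at $false to review the matches, then again after removal to confirm nothing is listed.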
Furthermore, if you find that your system has been affected, you would be advised to change the passwords to any secure websites you have accessed, such as your online bank, for added security.
Potentially affected models of Lenovo computers:
G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45, G40-80
U Series: U330P, U430P, U330Touch, U430Touch, U530Touch
Y Series: Y430P, Y40-70, Y50-70, Y40-80, Y70-70
Z Series: Z40-75, Z50-75, Z40-70, Z50-70, Z70-80
S Series: S310, S410, S40-70, S415, S415Touch, S435, S20-30, S20-30Touch
Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 Pro, Flex 10
MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11, MIIX 3 1030
YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11, YOGA3 Pro
E Series: E10-30
Edge Series: Edge 15
Sean Kirby is a Client Support Specialist at Triella, a technology consulting company specializing in providing technology assessments, consulting, maintenance services and CIO-related services to small and medium sized firms. Sean can be reached at 647.426.1004. Triella is a Citrix Partner, VMware Partner, Microsoft Small Business Specialist, Microsoft Silver Partner, Dell Preferred Partner, BlackBerry Alliance Partner and Authorized Worldox Reseller.
© 2015 by Triella Corp. All rights reserved. Reproduction with credit is permitted.