Jump to content

Lenovo laptops may have nasty factory installed malware


Recommended Posts



Just the update, if you have a Lenovo in this timeframe read the whole thing and clean your system. If you have friends with one you might pass this along.



[update: Lenovo has released a statement saying Superfish was installed on consumer laptops shipped between October and December 2014. The manufacturer said it stopped preloading Superfish in January 2015 and has no plans to resume the practice. Amazingly, the company said it did "not find any evidence to substantiate security concerns," but added that it's responding to them anyway. People who are concerned their PC may contain this critical vulnerability can check at https://filippo.io/Badfish/. The website was designed by one of the same researchers who published a site to scan websites for the catastrophic Heartbleed weakness in OpenSSL.]

Superfish presumably installs the root certificates so it can inject ads into encrypted Web pages. By many people's standards, that's bad. But adware that breaks HTTPS connections and may make users vulnerable to man-in-the-middle attacks that are trivial to carry out is orders of magnitude worse. Stay tuned. We'll all be hearing much more about the Superfish debacle in the days and weeks ahead.


The reaction from Lenovo is not a good one, it implies a very deep lack of understanding that is scary for the company that has taken over the IBM PC and laptop manufacturing business and gotten the access that IBM's trusted reputation gave them to be this tone deaf.

Link to comment
Share on other sites

One more article A couple more articles,






Updated to add

It's claimed the Komodia proxy server used by the Superfish adware is worse than previously thought: any man-in-the-middle attacker can create a spoof HTTPS website that is trusted by laptops with the Superfish root CA certificate installed, without having to use the extracted private key. Self-signed SSL certificates are converted into valid ones, we're told.

"All the users out there with Komodia-powered Parental Control software or adware [can] have their banking connections easily intercepted. Well, good job," says CloudFlare security bod Filippo Valsorda.

"It's catastrophic. It's the only way all this mess could have been even worse."



Edit, wrong topic for second article...

Link to comment
Share on other sites

  • 2 weeks later...

Good reading and ideas in this article:





Lenovo pre-installing Superfish software was a security disaster. Whether Lenovo was evil, or, as they eventually claimed, merely incompetent, it's hard to trust them going forward. If nothing else, their initial denials that anything was wrong, leave a lasting impression. Of course, Superfish, along with the software that they bundled from Komodia, also deserve plenty of blame for breaking the security of HTTPS and SSL/TLS.

Taking a step back however, blame also falls on our web browsers.
Google (Chrome), Microsoft (Internet Explorer), Apple (Safari) and Mozilla (Firefox) enable the security hack that Superfish and others such as PrivDog and Gogo engage in. They do this by omission, not commission.
Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

This topic is now closed to further replies.
  • Create New...