Thursday 19 February 2015

Lenovo Installing 'Superfish' Adware In Computers That Compromises Your Security


According to reports, Lenovo is shipping its PCs with software called 'Superfish' that acts like adware and affects the Mozilla Firefox, Google Chrome and Internet Explorer browsers on websites and Google search. The software spams third-party ads via pop-ups on Google searches and websites without the user's consent.

Superfish appears to install a man-in-the-middle certificate that allows the software to decrypt secure requests and allows third parties to peek at the secure websites you are visiting.

The existence of the Superfish adware on Lenovo PCs was explained by Mark Hopkins, Lenovo Community Administrator, on the Lenovo forums:

"To be clear, Superfish comes with Lenovo consumer products only and is a technology that helps users find and discover products visually. The technology instantly analyzes images on the web and presents identical and similar product offers that may have lower prices, helping users search for images without knowing exactly what an item is called or how to describe it in a typical text-based search engine... The Superfish Visual Discovery engine analyzes an image 100 percent algorithmically, providing similar and near identical images in real time without the need for text tags or human intervention. When a user is interested in a product, Superfish will search instantly among more than 70,000 stores to find similar items and compare prices so the user can make the best decision on product and price."

Users are also reporting that the software uses a self-signed root certificate that makes it look legitimate to the web browser, allowing it to collect data over secure web connections (SSL/TLS).
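To check a Windows machine for such a root certificate, the following PowerShell audits the trusted-root stores by name. It is an added example, not code from Lenovo, Superfish or the original post; the function name `Find-RootCertificate` is hypothetical, and it assumes the certificate's subject or issuer contains the product name "Superfish".

```powershell
# Added example: audit the Windows trusted-root stores for a certificate by name.
# Assumption: the certificate's subject or issuer contains the product name.
function Find-RootCertificate {
    param(
        [string]$Name = 'Superfish',
        [string[]]$Stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    )
    # Escape the name so it is matched literally, not as a regular expression.
    $pattern = [regex]::Escape($Name)
    foreach ($store in $Stores) {
        Get-ChildItem -Path $store |
            Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $store
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    # A root certificate is self-signed: subject equals issuer.
                    SelfSigned    = ($_.Subject -eq $_.Issuer)
                    NotAfter      = $_.NotAfter
                    # True if the matching private key is also on this machine.
                    HasPrivateKey = $_.HasPrivateKey
                }
            }
    }
}

$hits = @(Find-RootCertificate)
if ($hits.Count -eq 0) {
    Write-Output 'No matching certificate found in the trusted-root stores.'
} else {
    # Any hit means the browser trusts certificates issued under this root.
    $hits | Format-List
}
```

Firefox keeps its own certificate store, separate from the Windows stores scanned here, so it has to be checked in the browser's certificate manager.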

Lenovo has been installing Superfish on its PCs since September last year. Late last month, Lenovo admitted that it was installing Superfish on its machines and stated that it "temporarily removed" it from new PCs due to its browser add-on issues until Superfish's developers could release a software update that addresses the problems.

Source: Engadget
