Lenevo Laptops Comes with Pre-installed "SuperFish" Malware.
One of the most popular and well known computer manufacturers Lenovo is being criticized for selling laptops with pre-installed invasive malware/software/adware known as SuperFish. As per Lenovo its a software. What does this software do? The software, dubbed ‘Superfish Malware’, analyzes user's Internet habits and injects third-party advertising into websites on browsers such as Google Chrome and Internet Explorer based on that activities without the user’s permission.
It has also been said that the SuperFish malware is present into those laptops which were sold bedore January 2015. The malware gets activated when you first take it out of the box and the adware gets activated. Since it is pre-installed with laptop the user might think it as an default installed software and uses it without any information.
There are reports that Superfish is carrying out what's known as a "Man In The Middle" (MitM) attack - impersonating the security certificates of encrypted websites to let it serve up its ads. This potentially compromises the sensitive information of any customer affected by Superfish. This would trouble Lenovo users because MitM attack can open a door for hackers to potentially compromise the sensitive information of any customer affected by Superfish - like passwords or banking details.
Anyone with the password that unlocks that single password-protected certificate authority would be able to completely bypass the computer's web encryption. As per said by Lenovo, they have provided a list of series of laptops on which this malware can be found. Go through the list below:
Superfish may have appeared on these models:
Even though Hopkins claims that the company has stopped installing the software on computers, it appears the arrangement is only "temporary" until the company behind the software introduces a few tweaks that will get rid of those unwanted pop-ups. That being said, reports of Superfish being pre-loaded on Lenovo computers have appeared on forums as early as mid-2014.
"We messed up badly here," Peter Hortensius, Lenovo's chief technology officer, said in an interview. "We made a mistake. Our guys missed it. We're not trying to hide from the issue -- we're owning it." Superfish, on the other hand, said in a statement that the company is "completely transparent in what our software does and at no time were consumers vulnerable."
In my next post i will give you the details on how to check if your laptop is affected by SuperFish malware. Also will provide other ways of removing it using some manual process.
This is just to let you know that, this isn't first time, in past the computer giant was caught installing malware backdoors in its products and was also banned by different countries for same reasons.
In the mid of 2013, the spy agencies - the ‘five eyes’ alliance of the US, Britain, Canada, Australia, and New Zealand - banned Lenovo for allegedly installing backdoor into Lenovo-brand circuit boards, along with other vulnerabilities discovered into the firmware.
Cheers!!!
It has also been said that the SuperFish malware is present into those laptops which were sold bedore January 2015. The malware gets activated when you first take it out of the box and the adware gets activated. Since it is pre-installed with laptop the user might think it as an default installed software and uses it without any information.
There are reports that Superfish is carrying out what's known as a "Man In The Middle" (MitM) attack - impersonating the security certificates of encrypted websites to let it serve up its ads. This potentially compromises the sensitive information of any customer affected by Superfish. This would trouble Lenovo users because MitM attack can open a door for hackers to potentially compromise the sensitive information of any customer affected by Superfish - like passwords or banking details.
Anyone with the password that unlocks that single password-protected certificate authority would be able to completely bypass the computer's web encryption. As per said by Lenovo, they have provided a list of series of laptops on which this malware can be found. Go through the list below:
Superfish may have appeared on these models:
- G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45
- U Series: U330P, U430P, U330Touch, U430Touch, U530Touch
- Y Series: Y430P, Y40-70, Y50-70
- Z Series: Z40-75, Z50-75, Z40-70, Z50-70
- S Series: S310, S410, S40-70, S415, S415Touch, S20-30, S20-30Touch
- Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 14(BTM), Flex2 15(BTM), Flex 10
- MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11
- YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11BTM, YOGA2-11HSW
- E Series: E10-30.
Even though Hopkins claims that the company has stopped installing the software on computers, it appears the arrangement is only "temporary" until the company behind the software introduces a few tweaks that will get rid of those unwanted pop-ups. That being said, reports of Superfish being pre-loaded on Lenovo computers have appeared on forums as early as mid-2014.
"We messed up badly here," Peter Hortensius, Lenovo's chief technology officer, said in an interview. "We made a mistake. Our guys missed it. We're not trying to hide from the issue -- we're owning it." Superfish, on the other hand, said in a statement that the company is "completely transparent in what our software does and at no time were consumers vulnerable."
In my next post i will give you the details on how to check if your laptop is affected by SuperFish malware. Also will provide other ways of removing it using some manual process.
This is just to let you know that, this isn't first time, in past the computer giant was caught installing malware backdoors in its products and was also banned by different countries for same reasons.
In the mid of 2013, the spy agencies - the ‘five eyes’ alliance of the US, Britain, Canada, Australia, and New Zealand - banned Lenovo for allegedly installing backdoor into Lenovo-brand circuit boards, along with other vulnerabilities discovered into the firmware.
No comments: