
If you bought a Lenovo laptop recently, you may want to check it soon

It could have software called Superfish, and it contains some major security flaws (but you can remove it).

Image: AP Photo/Andy Wong

IF YOU’VE BOUGHT a Lenovo device in recent times, then it may have come with adware known as Visual Discovery by Superfish, and it’s a major problem.

Effectively, Superfish is a software add-on which serves to bring up extra ads while you’re browsing a site, even if it’s a secure HTTPS site.

However, the flaws in its security would allow any hacker to carry out man-in-the-middle attacks, in which they can intercept messages as well as alter them or include their own messages. This means that private and secure information like passwords, financial details and personal information could be intercepted.

Superfish wasn’t intended as malware. Lenovo has said it was designed to show targeted ads by analyzing images of products that a user might see on the web and then presenting “identical and similar product offers that may have lower prices.” Lenovo said the software doesn’t track users or collect any identifying information.

But some users initially complained the software shows unwanted “pop-up” ads. And this week, several independent experts reported that Superfish works by substituting its own security key for the encryption certificates that many websites use to protect users’ information. “This means that anyone affected by this adware cannot trust any secure connections they make,” researcher Marc Rogers wrote on his blog.

What’s worse, experts said, is that Superfish appears to re-use the same encryption certificate for every computer, which means a hacker who cracked the Superfish key could have broad access to a variety of online transactions.

The CEO of Errata Security, Robert Graham, discovered that it allowed him to intercept the encrypted communications of anyone using Superfish by being near them at a cafe WiFi hotspot.

In a statement, Lenovo said it stopped preloading the software in January and listed the models Superfish would have appeared on.

“We thought the product would enhance the shopping experience, as intended by Superfish. It did not meet our expectations or those of our customers. In reality, we had customer complaints about the software. We acted swiftly and decisively once these concerns began to be raised. We apologize for causing any concern to any users for any reason – and we are always trying to learn from experience and improve what we do and how we do it.”

How to remove it

If you do own a Lenovo computer and want to remove Superfish, there are a few methods to use. The easiest way to check is to use a web service from password manager LastPass, which will tell you if your computer is safe or not.

If you do have it installed, the service details exactly how you can uninstall both the programme and the certificates it uses. Even if your computer comes up as safe, it’s worth delving into control panel just to be on the safe side.

Once that’s done, it’s recommended that you change your passwords to any online services that you use. You could use a password manager like LastPass to create more complex passwords or other services like 1Password or KeePass.
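For readers who want to see what such a check looks at, here is an added example (not from the article, Lenovo or LastPass) that inspects who issued the certificates a machine is shown for HTTPS sites. It assumes the injected certificate carries the name "Superfish" in its issuer fields; the host names and certificate authority names in the sample data are constructed.

```python
import socket
import ssl
import sys

# Assumption: the injected root names the product in its issuer fields.
SUSPECT = "superfish"

def issuer_text(cert):
    """Flatten the 'issuer' field of an ssl.getpeercert() dict into one string."""
    return ", ".join(f"{k}={v}" for rdn in cert.get("issuer", ()) for k, v in rdn)

def fetch_cert(host, port=443, timeout=5):
    """Return the certificate this machine is actually shown for host.
    A verification error here means the chain is not trusted at all."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def audit(observations, suspect=SUSPECT):
    """observations maps host -> cert dict. Returns (flagged_hosts, shared_issuer)."""
    issuers = {host: issuer_text(cert) for host, cert in observations.items()}
    flagged = sorted(h for h, text in issuers.items() if suspect in text.lower())
    distinct = set(issuers.values())
    # One issuer for three or more unrelated sites suggests a local interceptor.
    shared = distinct.pop() if len(issuers) >= 3 and len(distinct) == 1 else None
    return flagged, shared

def sample_cert(org, cn):
    """Build a constructed cert dict in the shape getpeercert() returns."""
    return {"issuer": ((("organizationName", org),), (("commonName", cn),))}

# Constructed sample data: host names and CA names are made up for illustration.
CLEAN = {
    "bank.example": sample_cert("Example Trust One", "Example CA 1"),
    "mail.example": sample_cert("Example Trust Two", "Example CA 2"),
    "shop.example": sample_cert("Example Trust Three", "Example CA 3"),
}
INTERCEPTED = {host: sample_cert("Superfish, Inc.", "Superfish, Inc.") for host in CLEAN}

if __name__ == "__main__":
    hosts = sys.argv[1:]
    if hosts:  # live check against the sites named on the command line
        print(audit({h: fetch_cert(h) for h in hosts}))
    else:
        print("clean:", audit(CLEAN))
        print("intercepted:", audit(INTERCEPTED))
```

Run with a few unrelated HTTPS host names as arguments to check a live machine. The shared-issuer signal is only a hint, since unrelated sites can legitimately use the same certificate authority.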

(Additional reporting by AP)

About the author:

Quinton O'Reilly
