Superfish: Adware computers Lenovo makes vulnerable to the user’s private data

On the latest laptops from Lenovo is a serious vulnerability that allows a software to intercept data navigation sensitive user. Within a software installed natively on some Lenovo computers lies a serious vulnerability in the system that could deliver to third parties full access to the navigation data, also private user. To be exposed passwords and other information, belonging not only to social networks or services of the web, but also to bank accounts.

Superfish is an adware that Lenovo offers natively on his latest computer, a browser add-on that allows you to automatically analyze the images and show similar products offered at lower prices. A adware is software that is self-promoted through the use of advertising proposals. It is known to be a type of software invasive but not necessarily harmful, but can be drastically harmful its implementation.

And it is unfortunately the case with Superfish: in the latest Lenovo systems, the first manufacturer in the world in terms of market share, Superfish has access to the user’s private data for advertising purposes. Adware is configured as ” Root Certificate Authority ” on Windows, or has the same permissions as the native software of Microsoft in the operating system. Creating SSL certificates ad-hoc, Superfish can indeed intercept elements even within secure connections, also analyzing sensitive data of those pages that really should be private.

kenn-white

The security expert Kenn White showed an example of the interaction of Superfish, with a certificate issued by Superfish to Bank of America, where Superfish is revealed as a Root Certificate Authority when they really should not be. And it should not be because of the nature of the program, an adware that can analyze the elements of a page, track user habits and send the results to a third party server. Everything, therefore, takes place on a secure page, where we introduce passwords and personal details of our private lives.

Accessing data of the software, users, third parties may also obtain information that is easily handled by secure connections, such as the credentials of our bank account or our account on social. This could be achieved with the creation of certificates developed ad-hoc for acceptance from Lenovo computers, or with malware developed specifically that the systems of the Chinese manufacturer might consider reliable software.

Lenovo has removed Superfish for a few weeks in January, while defending the choice of having introduced it on their computers. According to the manufacturer, the adware is not looming you nor traces habits and requires enabling the add-on at the first start of the machine. Some users have found that even after uninstalling, the computers still root certificates installed.

Superfish can be a problem if you are surfing on Chrome or Internet Explorer, while Firefox users can be considered safe. The Mozilla browser uses a Certificate Store owner on which Superfish cannot intervene. In other cases, it is good to uninstall the adware and scan with an updated anti-virus to keep safe from external threats.