Lenovo Laptops Pre-installed with Superfish Security Breach

Lenovo Laptops Come with Superfish Security Breach Pre-Installed


Any Lenovo laptop purchased since August may have come with a prepackaged adware bundle that includes malicious software. One specific adware program in the bundle is VisualDiscovery by Superfish. It monitors web traffic while the user is shopping, and this data is then used to serve pop-up ads similar to the images that were being browsed. Experts have determined that the VisualDiscovery adware acts as a man-in-the-middle by placing a certification authority (CA) root certificate into the Windows list of trusted root certification authorities.






Lenovo Superfish Adware Detection




Man in the Middle Attack



In the computer security world, a man-in-the-middle attack (MITM, MitM or MITMA) is when a malicious third party gets between the sender and receiver of information and sniffs any data that is sent. Sniffing allows individuals to capture data as it is transmitted over a network. Malicious users use it to capture private data such as usernames and passwords, which can then be used to gain access to the victim’s system or network. In some cases this kind of security breach allows the attacker to secretly relay information on behalf of either party. The attacker can even alter the communication between the sender and receiver, who have no knowledge of the interference and believe they are communicating directly with each other.















Lenovo’s pre-installed package with VisualDiscovery is proving to be a security nightmare for affected customers. This software, acting as a man-in-the-middle certificate authority, hijacks every SSL session the computer makes. SSL (Secure Sockets Layer) is a networking protocol that manages authentication between servers and clients and the encrypted data transfer between them.






With the fraudulent certificate included in the Windows list of trusted root certification authorities, the malware can act as a trusted proxy and carry out a man-in-the-middle attack. When a secure connection is made, it is intercepted by Superfish’s adware. VisualDiscovery sets up a separate connection to the targeted server and generates a certificate for the user’s browser to authenticate. The user therefore has a secure connection to Superfish, and Superfish has a secure connection to the targeted server.

Lenovo shipped all the consumer model laptops from October 2014 to December 2014 with Superfish’s adware, VisualDiscovery. Lenovo has stopped using the Superfish software and has published instructions for removal.
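Because the interception depends on a root certificate in the Windows trusted root store, that store can be checked directly. The PowerShell below is an added example, not code from Lenovo or from the original article; it assumes the installed root carries the vendor name "Superfish" in its subject or issuer, which the article does not state.

```powershell
# Added example: list trusted root CA certificates whose subject or issuer
# names Superfish. The match string is the vendor name from the article;
# that the installed root carries this name is an assumption.
$needle = 'Superfish'

# Both the machine-wide and the per-user trusted root stores are checked.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$hits = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -like "*$needle*" -or $_.Issuer -like "*$needle*" } |
        Select-Object @{ Name = 'Store'; Expression = { $store } },
                      Subject, Issuer, Thumbprint, NotBefore, NotAfter, HasPrivateKey
}

if ($hits) {
    # Show every match in full so the entry can be identified before removal.
    $hits | Format-List
    Write-Warning "Found $(@($hits).Count) trusted root certificate(s) matching '$needle'."
} else {
    Write-Output "No trusted root certificate matching '$needle' in: $($stores -join ', ')"
}
```

This covers only the Windows certificate stores; applications that keep their own trust store have to be checked separately.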











Click Below:



Remove Superfish Adware



If you are a Lenovo user and are not sure whether you are affected, you can test here:




Click Below:



Superfish Checker