Lenovo Laptops Pre-installed with Superfish Security Breach


Any Lenovo laptop purchased since August may have come with a prepackaged adware bundle that includes malicious software. One adware program in the bundle, VisualDiscovery by Superfish, monitors web traffic while the user is shopping; this data is then used to serve pop-up ads similar to the images that were being browsed. Experts have determined that the VisualDiscovery adware carries out a man-in-the-middle attack by placing a certification authority (CA) root certificate into the Windows list of trusted root certification authorities.


Man in the Middle Attack

In computer security, a man-in-the-middle attack (MITM, MitM or MITMA) occurs when a malicious third party gets between the sender and receiver of information and sniffs any data that is sent. Sniffing allows an individual to capture data as it is transmitted over a network, and malicious users rely on it to capture private data such as usernames and passwords. This data can then be used to gain access to the victim’s system or network. In some cases this kind of security breach allows the attacker to secretly relay information on behalf of either party. The attacker can even alter the communication between the sender and receiver, who have no knowledge of the malicious interaction and believe they are communicating directly with each other.


Lenovo’s pre-installed package with VisualDiscovery is proving to be a security nightmare for affected customers. Acting as a man-in-the-middle certificate authority, this software hijacks every SSL session the computer makes. SSL (Secure Sockets Layer) is a networking protocol that manages authentication between servers and clients and the encrypted data transfer between them.

With the fraudulent certificate included in the Windows list of trusted root certification authorities, the malware can act as a trusted proxy and carry out a man-in-the-middle attack. When a secure connection is made, it is intercepted by Superfish’s adware. VisualDiscovery sets up a separate connection to the targeted server and generates a certificate for the user’s browser to authenticate. The user thus has a secure connection to Superfish, and Superfish has a secure connection to the targeted server.

Lenovo shipped all the consumer model laptops from October 2014 to December 2014 with Superfish’s adware, VisualDiscovery. Lenovo has stopped using the Superfish software and has published instructions for removal.
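
Because the proxy generates the certificate the browser sees, the interception described above is visible from the client: the leaf certificate for an unrelated site names the adware's CA as its issuer. The following is an added example, not code from the original article or from Lenovo; the host names and certificate dictionaries are constructed sample data, and the exact issuer string "Superfish, Inc." is an assumption used only for the sample.

```python
import socket
import ssl

# "Superfish" is the CA name from the article; matching is case-insensitive.
SUSPECT_ISSUERS = ("superfish",)


def issuer_fields(cert):
    """Flatten the issuer RDN tuples of a getpeercert() dict into one dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}


def is_intercepted(cert, suspects=SUSPECT_ISSUERS):
    """True if the issuer's organization or common name contains a suspect name."""
    issuer = issuer_fields(cert)
    names = (issuer.get("organizationName", ""), issuer.get("commonName", ""))
    return any(s in name.lower() for s in suspects for name in names)


def fetch_peer_cert(host, port=443, timeout=5.0):
    """Return the leaf certificate this machine actually receives for host."""
    ctx = ssl.create_default_context()  # on Windows this loads the system root store
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def audit(observations, suspects=SUSPECT_ISSUERS):
    """Map each intercepted host to the name of the CA that issued its leaf."""
    flagged = {}
    for host, cert in observations.items():
        if is_intercepted(cert, suspects):
            fields = issuer_fields(cert)
            flagged[host] = fields.get("organizationName") or fields.get("commonName")
    return flagged


# Constructed sample data in the shape getpeercert() returns (not real captures).
SAMPLE = {
    "bank.example": {"issuer": ((("organizationName", "Superfish, Inc."),),
                                (("commonName", "Superfish, Inc."),))},
    "shop.example": {"issuer": ((("organizationName", "Example Trust Services"),),
                                (("commonName", "Example TLS CA 1"),))},
}

if __name__ == "__main__":
    for host, issuer in audit(SAMPLE).items():
        print(f"{host}: leaf certificate issued by {issuer!r}, TLS is being intercepted")
```

On a live machine, pass `audit` a dictionary built from `fetch_peer_cert(host)` for a few HTTPS sites. A name match only catches a CA that identifies itself as Superfish, so an empty result does not rule out other interception software.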


Click below:

Remove Superfish Adware

If you are a Lenovo user and do not know whether you are affected, you can test here:

Click below:

Superfish Checker


References:

https://forums.lenovo.com/t5/Lenovo-P-Y-and-Z-series/Removal-Instructions-for-VisualDiscovery-Superfish-application/ta-p/2029206
https://filippo.io/Badfish/
What You Need to Know About Superfish, The Man-in-the-Middle Adware Installed on Lenovo PCs
Superfish Joins the MITM Club
http://searchsecurity.techtarget.com/definition/Secure-Sockets-Layer-SSL
http://en.wikipedia.org/wiki/Man-in-the-middle_attack