US Government Warns Users To Remove Lenovo’s Superfish

The US Government has advised the public to remove Superfish, an advertising program pre-installed on some Lenovo laptops, saying it introduces a security vulnerability.

Meanwhile, Facebook security researchers said they have discovered more than two dozen “suspicious” programs that use the same insecure library found in Superfish. Microsoft on Friday released an update for Windows Defender that removes Superfish.

The US Department of Homeland Security on Friday issued an alert saying that the software makes computers vulnerable to SSL spoofing, a type of man-in-the-middle (MITM) attack, which allows an attacker to imitate a trusted Internet source such as a website.

“Systems that came with the software already installed will continue to be vulnerable until corrective actions have been taken,” the department stated.

Lenovo began to bundle Superfish ad software with some of its laptops in September of last year, using it to alter users’ search results, and said it removed the software from its products in January due to user complaints over the intrusiveness of the tool.

However, last week it was disclosed that the software involved includes a library from Israel-based Komodia to modify the Windows networking stack in order to intercept users’ Internet communications, including those protected by Secure Sockets Layer (SSL) encryption.

Attack technique

The Komodia library uses an interception technique that security researchers say is inherently insecure: it installs a new root Certificate Authority (CA) that is identical across all systems, which means that CA could potentially be obtained and used by an attacker.

“By reusing the same certificate, a bad actor could potentially obtain that CA file and perform ‘man-in-the-middle’ attacks on untrusted networks like public Wi-Fi, set up authentic-looking phishing pages, or sign software that makes people vulnerable to other malicious code as they browse the Internet,” wrote Matt Richard, a Threats Researcher on the Facebook Security Team, in an advisory. “In this case, the certificate used by the Superfish software is relatively easy to extract.”

Richard said Facebook has found more than two dozen applications using the Komodia library in question, many of which appear to be “suspicious” adware. The company also found programs categorised as malware, including a program identified by Symantec as Trojan.Nurjax, that use the same Komodia library.
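A defender-side check for the technique described above, added here as an example that is not code from the article, Lenovo, Microsoft or Facebook: it lists any root CA in the Windows trusted-root stores whose subject or issuer matches a suspect name and can optionally delete it. The pattern "Superfish" is an assumption taken from the vendor name in the article; the article gives no thumbprint for the certificate, so matching is by name only.

```powershell
# Added example (not from the article or from any vendor named in it).
# Enumerate the machine and user trusted-root stores and flag any root CA
# whose Subject or Issuer matches a suspect name. The default pattern
# 'Superfish' is an assumption based on the vendor name; extend the list
# for other products built on the same Komodia library.
param(
    [string[]]$SuspectPatterns = @('Superfish'),
    [switch]$Remove
)

$stores   = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
$findings = @()

foreach ($store in $stores) {
    foreach ($cert in Get-ChildItem -Path $store) {
        foreach ($pattern in $SuspectPatterns) {
            if ($cert.Subject -like "*$pattern*" -or $cert.Issuer -like "*$pattern*") {
                $findings += [pscustomobject]@{
                    Store      = $store
                    Subject    = $cert.Subject
                    Thumbprint = $cert.Thumbprint
                    NotAfter   = $cert.NotAfter
                    # A self-signed entry in a Root store is a locally added trust anchor.
                    SelfSigned = ($cert.Subject -eq $cert.Issuer)
                    HasKey     = $cert.HasPrivateKey
                    Path       = $cert.PSPath
                }
            }
        }
    }
}

if (-not $findings) {
    Write-Output 'No suspect root CA found in the user or machine root stores.'
    return
}

$findings | Format-Table Store, Subject, Thumbprint, NotAfter, SelfSigned, HasKey -AutoSize

if ($Remove) {
    foreach ($f in $findings) {
        # Deleting from LocalMachine\Root requires an elevated session.
        Remove-Item -Path $f.Path -Verbose
    }
} else {
    Write-Output 'Re-run with -Remove (elevated) to delete the listed certificates.'
}
```

Deleting the certificate does not uninstall the Superfish program itself; the Lenovo removal tool or the Windows Defender update mentioned above is still needed for that.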

Data ‘hijacking’

Superfish was founded in Israel in 2006 by co-founders Adi Pinhas, whose background is in computer surveillance, and Michael Chertkof, a data-mining specialist, and is now based in Palo Alto, California. The company said the vulnerability was introduced “inadvertently” by Komodia.

Komodia’s website describes its technology as a “hijacker” that allows “easy access to the data and the ability to modify, redirect, block, and record the data without triggering the target browser’s certification warning”.

Lenovo apologised for the “concerns” caused by its use of the software and said it is releasing a tool to automatically remove Superfish.

“We did not know about this potential security vulnerability,” Lenovo said in a statement. “We recognize that this was our miss, and we will do better in the future. Now we are focused on fixing it.”

Lenovo concerns

Lenovo said the software was installed only on “select” computers, but didn’t estimate the number of systems affected. The systems include laptops in the Yoga, Flex and MiiX lines and the E, G, U, Y and Z series.

In 2013 it was revealed that Lenovo computers were allegedly banned from use by the British government. The ban was brought into place in the mid-2000s following lab testing which found back doors and security flaws in Lenovo hardware.

Lenovo PCs and laptops have also been banned from use in the defense sectors of Australia, Canada, the United States, and New Zealand.


Matthew Broersma

Matt Broersma is a long-standing tech freelancer who has worked for Ziff-Davis, ZDNet and other leading publications.
