Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Sunday, 28 May, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Lenovo accused of installing Superfish adware to conduct malicious activity

by The Gurus
February 19, 2015
in Editor's News
Share on FacebookShare on Twitter

Home computing manufacturer Lenovo has been accused of installing adware on its laptops.
 
Named “Superfish”, the company has suggested users uninstall if they do not find it useful, while security experts have condemned the move, suggesting it is man-in-the-middle software.
 
According to reports, Superfish stole all manner of web traffic using fake, self-signed, root certificates to inject advertisements into sessions, and also monitored user activity, used man-in-the-middle attack techniques to crack secure connections, collected personal information and uploaded it to its servers, and displayed pop-ups with advertising software.
 
The adware not only could allow an attacker to compromise the certificate, but is an application that will hijack all of your secure webconnections (SSL/TLS) by using self-signed root certificate authority, making it look legitimate to the browser.
 
That latter comment came from the Lenovo forum, which claims that Superfish can “collect all data unencrypted”. Named VisualDiscovery and created by developer Superfish, it is described on its website as the true promise of visual search which “image-to-image search technology analyses images from every angle and perspective”. However at the time of writing, the website was blocked by IT Security Guru’s anti-virus.
 
In a comment on the same forum, a Lenovo administrator named Mark Hopkins said that Superfish has been “temporarily removed” from consumer systems until such time as Superfish is able to provide a software build that addresses these issues.
 
“As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues,” he said. “To be clear, Superfish comes with Lenovo consumer products only and is a technology that helps users find and discover products visually. The technology instantly analyses images on the web and presents identical and similar product offers that may have lower prices, helping users search for images without knowing exactly what an item is called or how to describe it in a typical text-based search engine.
 
The Superfish Visual Discovery engine analyzes an image 100 per cent algorithmically, providing similar and near identical images in real time without the need for text tags or human intervention. When a user is interested in a product, Superfish will search instantly among more than 70,000 stores to find similar items and compare prices so the user can make the best decision on product and price.”
 
Security researcher Marc Rogers said in his blog: “We trust our hardware manufacturers to build products that are secure. In this current climate of rising cyber crime, if you can’t trust your hardware manufacturer you are in a very difficult position.
 
“That manufacturer has a huge role to play in keeping you safe – from releasing patches to update software when vulnerabilities are found to behaving in a responsible manner with the data the collect and the privileged access they have to your hardware.
 
“This is unbelievably ignorant and reckless of them. It’s quite possibly the single worst thing I have seen a manufacturer do to its customer base. At this point I would consider every single one of these affected laptops to be potentially compromised and would reinstall them from scratch.”

FacebookTweetLinkedIn
Tags: AdwareCertificateLaptopMITM
ShareTweet
Previous Post

RBS launches biometric capability for mobile app, using Apple TouchID

Next Post

The unanswered questions on Superfish

Recent News

SnapDragon Monitoring scam advice

Tips to Protect Against Holiday and Airline Scams

May 25, 2023
Access Segmentation & Encryption Management from MyCena

New security model launched to eliminate 95% of cyber breaches

May 25, 2023
KnowBe4 Helps Organisations Battle QR Code Phishing Attacks With New Tool

KnowBe4 Helps Organisations Battle QR Code Phishing Attacks With New Tool

May 25, 2023
Purple Logo, capitalised letters: SALT.

Salt Security Uncovers API Security Flaws in Expo Framework, Issues have been Remediated

May 24, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information