Superfish Man-in-the-Middle Attack – Lenovo Computers


E Series: E10-30
G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45, G40-80
S Series: S310, S410, S40-70, S415, S415Touch, S435, S20-30, S20-30Touch
U Series: U330P, U430P, U330Touch, U430Touch, U530Touch
Y Series: Y430P, Y40-70, Y50-70, Y40-80, Y70-70
Z Series: Z40-75, Z50-75, Z40-70, Z50-70, Z70-80
Edge Series: Edge 15
Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 Pro, Flex 10
MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11, MIIX 3 1030
YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11, YOGA3 Pro

(ThinkPad, ThinkCentre, Lenovo Desktop, ThinkStation, ThinkServer and System x products are not impacted.)
Source: Lenovo

If so, read on. If not, rest easy!

I received this information from AVG and went on the internet to check it out, and yes this IS valid, it’s not a hoax!


SuperFish was previously included on some consumer notebook products shipped between September 2014 and February 2015 to assist customers with discovering products similar to what they are viewing. However, user feedback was not positive, and we responded quickly and decisively:

SuperFish has completely disabled server side interactions (since January) on all Lenovo products so that the software product is no longer active, effectively disabling SuperFish for all products in the market.
Lenovo ordered the pre-load removal in January.

We will not preload this software in the future.

Published reports have recently identified vulnerabilities in the software, which include installation of a self-signed root certificate in the local trusted CA store.


What is Superfish?

Superfish is a piece of software that Lenovo has admitted to pre-installing on many of its laptops to “enhance the shopping experience” of its users. However, the U.S. Computer Emergency Readiness Team calls Superfish a “man-in-the-middle attack” because of how it “intercepts users’ web traffic to provide targeted advertisements.”

Why is Superfish so Dangerous?

Superfish snoops on your web browsing and secretly slips ads into webpages. But the really dangerous part is that it comes pre-installed with its own root certificate authority, which allows it to impersonate any server’s security certificate.
If this certificate is compromised by hackers, you could be tricked into logging in to a fake website and giving hackers your password. Because of Superfish, any of your accounts—including encrypted bank accounts—could be easily compromised.
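
The check below is an added example, not part of the original post or of Lenovo's removal tool. It lists any certificate in the Windows trusted-root stores whose Subject or Issuer contains "Superfish"; that matching string is an assumption, since the page does not give the certificate's exact name or thumbprint.

```powershell
# Added example: audit the Windows trusted-root stores for a Superfish root CA.
# Assumption: the certificate's Subject or Issuer contains the text "Superfish".
$pattern = 'Superfish'

# Machine-wide store and the current user's store are both consulted by Windows.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$findings = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                # A root CA is self-signed: subject and issuer are identical.
                SelfSigned = ($_.Subject -eq $_.Issuer)
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
            }
        }
}

if ($findings) {
    # Any hit means this machine still trusts certificates issued by that root.
    $findings | Format-List
    Write-Warning "A root certificate matching '$pattern' is still trusted. Run the removal tool or delete it from the store listed above."
} else {
    Write-Output "No trusted root certificate matching '$pattern' was found in the Windows stores."
}

# This covers the Windows certificate stores only; applications that keep
# their own trust store are not checked here.
```

Run it again after using the removal tool: uninstalling the program alone does not show that the root certificate is gone, so the store itself is what needs to come back clean.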


Superfish was founded in 2006 by Adi Pinhas and Michael Chertkof.[2][9] Pinhas is a graduate of Tel Aviv University. In 1999, he co-founded Vigilant Technology, which “invented digital video recording for the surveillance market”; before that, he worked at Verint, an intelligence company that analyzed telephone signals and had allegedly tapped Verizon communication lines.[11] Chertkof is a graduate of Technion and Bar-Ilan University with 10 years of experience in “large scale real-time data mining systems.”

Since its founding, Superfish has used a team of “a dozen or so PhDs” primarily to develop algorithms for the comparison and matching of images. It released its first product, WindowShopper, in 2011. WindowShopper immediately prompted a large number of complaints on internet message boards, from users who didn’t know how the software had been installed on their machines.

Superfish initially received funding from Draper Fisher Jurvetson, and to date has raised over $20 million, mostly from DFJ and Vintage Investment Partners. Forbes listed the company as number 64 on their list of America’s most promising companies.

CEO Adi Pinhas in 2014 stated that “Visual search is not here to replace the keyboard … Visual search is for the cases in which I have no words to describe what I see.”

As of 2014, Superfish products had over 80 million users.

Download SuperFish Removal Tool 

Or go Here for the SuperFish Removal Tool and/or Manual Instructions from Lenovo:

Slate leaves a Scathing Review Worth Reading:

Are Lenovo and Superfish Evil or Incompetent?

