Lenovo’s name is coming up more and more on tech forums, among users who believe that the company has made a serious mistake. New laptops were found to have adware installed before they were even taken out of the box. There would not be a problem if this particular software did not monitor secure connections.
The software is called Superfish, and the laptops leave the factory with it already installed. The mechanism is not complicated: the adware inserts third-party ads into Google searches and into every website the user visits, without the user’s permission. This was checked in Google Chrome and Internet Explorer, and in neither is the user asked for permission at all. In addition, some forum commenters have pointed out that the adware can install its own self-signed certificate authority, whose role is to allow it to monitor secure connections. The conclusion is that Lenovo’s Superfish stole all manner of web traffic, using those fake, self-signed root certificates to inject advertising into sessions. This is very bad news for those who have used the laptops, considering that people also use them to make bank transactions and access various personal accounts.
Forum administrator and Lenovo employee Mark Hopkins has responded to the dozens of angry posts, saying that new laptops will no longer be sold with Superfish. Additionally, Lenovo has asked the company behind the program to create an update that removes the pop-up ads that have become so disturbing and also very dangerous.
“Due to some issues (browser pop up behavior for example), with the Superfish Visual Discovery browser add-on, we have temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues.”
He also said that the technology instantly analyzes images on the web and presents offers for identical and similar products that may have lower prices. The feature is meant to help users search for images even when they do not know how to describe an item in a typical text-based search engine.
Facebook engineering director Mike Shaver raised the alarm about the ad/bloatware on Twitter and discovered that the Superfish certificates posted on the forums by different users all share the same RSA key. As a consequence, Superfish has come to be regarded as a threat and has been listed by at least 11 antivirus companies, in order to draw users’ attention to it.
“Lenovo installs a MITM cert and proxy called SuperFish, on new laptops, so it can inject ads? Someone tell me that’s not the world I’m in.”