Lenovo, one of the popular companies shipped it’s laptops pre-installed with an adware that acts as man-in-the middle that is capable of breaking the secured connections over the WEB. “https” Hyper text transfer secure is used to establish secured connections between two servers on the WEB. When ever a user requests for it, a certificate is issued by the Website officially. But with the Adware that is pre-installed on Lenovo from a company “SuperFish“, made users details vulnerable even on the most secured browsing. The certificates are imitated and issued by Superfish company, which one of the users found out and published it on WEB. The issue has raised since then and when it was taken to the notice of Lenovo, they did not agree for it. But, as the matter goes viral, Lenovo now admits its mistake of shipping their system’s with man-in-the-middle adware by Superfish Inc.
Understanding Man-In-The-Middle Adware
Generally when someone’s on WEB, they establish a connection directly to the web server. But, when there’s Man-in-the-middle kind of adware, the connection is routed to the hacker (attacker) and then is directed to the web server which makes all the confidential details vulnerable to the attacker. It installs a self-signed root HTTPS certificate that is capable to intercept the encrypted traffic of a user for every web site he visits.
The attacker would be able to spy on every thing you do, even on a secured connection. If you go check on the certificates issued, you may see “Superfish Inc”, which is not cool at all. The reason you share your bank details or any confidential information over WEB on HTTPS is, it is totally encrypted and secure. Now, you got it wrong if you’re using Lenovo. Your details might already have been exposed to the attacker, if you are using the models one among the below.
You might also be interested at:
Lenovo has released list of models that might have Superfish pre-installed in them. Below is the list of them.
G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45
U Series: U330P, U430P, U330Touch, U430Touch, U530Touch
Y Series: Y430P, Y40-70, Y50-70
Z Series: Z40-75, Z50-75, Z40-70, Z50-70
S Series: S310, S410, S40-70, S415, S415Touch, S20-30, S20-30Touch
Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 14(BTM), Flex2 15(BTM), Flex 10
MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11
YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11BTM, YOGA2-11HSW
E Series: E10-30]
For complete information regarding Lenovo shipping its Laptops with the Man-in-the-Middle adware, click here.
Lenovo Admits It’s Mistake
As this issue has been circling round the web for past few days, Lenovo admits its mistake for shipping Laptops pre-installed with man-in-the-middle adware by a company named Superfish Inc. So, it now has released a tool to remove the Adware from the system.
“We did not know about the potential security vulnerability until Yesterday”, said Lenovo said in a statement released on saturday, sydney time. To overcome the mess they have created or been a reason to, Lenovo has joined with Microsoft to release a tool (removal tool) to fix this Superfish Issue. Also a Chinese hardware manufacturer said its working with McAfee and Microsoft to possibly quarantine the Superfish.
A recent post at ZDNet says, “Lenovo admits security issues with Sueprfish, releases removal tool“. Hoping this problem can really be fixed. Or else, Lenovo could definitely loose its loyal customers soon. Who would like to be spied on their personal and private information by someone who wants to steal everything from them?
So, this man-in-the-middle adware has been found on lenovo system’s for now. There are many other scenario’s where this kind of adware’s are normally used. Make sure that you’re safe whenever you’re on the Web. Thank You.