Lenovo’s website has been hacked. In what is probably a response to the Superfish scandal, Lizard Squad took over the website in quite a bizarre fashion.
Their homepage was replaced with images of teenagers accompanied by music from ‘High School Musical’. The hack was very brief, with the site already back up and running.
Superfish essentially injects ads into pages like Google that appear to match your search results. It seemingly does so in Chrome and Internet Explorer. It also produces annoying popups – something very common with adware. Superfish is dangerous as well as annoying. It appeared that the software was implementing a man-in-the-middle attack by using a self-signed certificate authority, which allowed it to decrypt secure connections, such as those to your bank account or when you’re making a purchase.
Lenovo has since apologised; however, it’s an apology some are clearly unhappy with.
The SSL-busting technology recently discovered to be pre-installed on Lenovo laptops has been found as part of another 12 pieces of software, including Trojan malware. The HTTPS-bypassing code, developed by Israeli company Komodia, was a part of the now-infamous Superfish software found on-board Lenovo laptops.
Matt Richard, threat researcher for the Facebook security team, revealed the extent of the code’s reach in a post on Friday, writing, “What all these applications have in common is that they make people less secure through their use of an easily obtained root CA [certificate authority], they provide little information about the risks of the technology, and in some cases they are difficult to remove.”
He continued, “Furthermore, it is likely that these intercepting SSL proxies won’t keep up with the HTTPS features in browsers (e.g., certificate pinning and forward secrecy), meaning they could potentially expose private data to network attackers. Some of these deficiencies can be detected by antivirus products as malware or adware, though from our research, detection successes are sporadic.”
Even the developer Komodia calls one of its SDKs an “SSL hijacker”, so it’s no surprise that the code has found its way into malicious software. The malware, Trojan.Nurjax, was first discovered back in December. According to Symantec, the malware “hijacks the Web browser on the compromised computer and may download additional threats.”
The CEO of Superfish, the company behind the software of the same name that has been central to a recent scandal surrounding Lenovo, has admitted to his company intentionally installing the root certificate authority as part of the software, but says that they did not realise the potential consequences.
Speaking to The Next Web, Superfish CEO, Adi Pinhas, said that the software had useful intentions, but that they purposely utilised the root certificate authority to “enable a search from any site.” Superfish’s intent is to scan websites for products for which it can display ads offering users alternatives they may be interested in. This means it could circumvent SSL on sites like Google so it could continue doing what it intended to do – display ads.
Now Pinhas says that the certificate was “not installed without the users opting in”, but he also said that the company did not realise the potentially devastating consequences of utilising such a certificate and that the company didn’t know about the vulnerability until everyone else did. While that’s fine, it does seem a little hard to believe that the software developers who apparently spent four years developing Superfish didn’t realise the insecure nature of the software.
Nevertheless, it’s pretty clear that Superfish isn’t something you want on your computer.
Lenovo, the company embroiled in controversy over the Superfish adware preinstalled on a number of their PCs, has released a special removal tool to automatically rid their products of the software.
The company initially appeared slow to react to this issue, even perhaps insisting that there was nothing wrong with Superfish. However, after an apology, they have now released a purpose-built tool to completely remove the offending program. Those who believe they may be using a Lenovo PC that has been affected by Superfish can download the tool here.
“We are working with McAfee and Microsoft to have the Superfish software and certificate quarantined or removed using their industry-leading tools and technologies. This action has already started and will automatically fix the vulnerability even for users who are not currently aware of the problem.” – Lenovo
It will effectively do the job for you, removing the adware completely. Plus, and perhaps more importantly, it will also take care of the sometimes tricky-to-remove certificate that essentially gave Superfish, or anyone else with the password to that certificate, the ability to snoop on secure connections.
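To confirm the certificate is actually gone after running a removal tool, the Windows trusted-root stores can be audited directly. The following is an added example, not code from Lenovo, Microsoft or the original article; the function name `Find-InterceptionRoot` is hypothetical, and it assumes the vendor names mentioned in the article appear in the certificate's subject or issuer.

```powershell
# Added example: audit the Windows trusted-root stores for CA certificates whose
# subject or issuer matches a vendor name. Function name and patterns are hypothetical.
function Find-InterceptionRoot {
    param(
        # Names taken from the article; assumed to appear in the subject/issuer fields.
        [string[]]$NamePattern = @('Superfish', 'Komodia')
    )
    # The CurrentUser view also includes machine-wide roots, so a hit may be listed twice.
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
    foreach ($store in $stores) {
        foreach ($cert in Get-ChildItem -Path $store) {
            $hit = $NamePattern | Where-Object {
                $cert.Subject -like "*$_*" -or $cert.Issuer -like "*$_*"
            }
            if (-not $hit) { continue }
            [pscustomobject]@{
                Store         = $store
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                # A root CA is self-signed: subject and issuer are identical.
                SelfSigned    = ($cert.Subject -eq $cert.Issuer)
                # True means the signing key is present on this machine as well.
                HasPrivateKey = $cert.HasPrivateKey
                NotAfter      = $cert.NotAfter
            }
        }
    }
}

$found = @(Find-InterceptionRoot)
if ($found.Count -eq 0) {
    'No matching root certificates in the Windows stores.'
} else {
    $found | Format-List
}
```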
Microsoft has emerged as the hero within this whole Superfish/Lenovo story, as the company has updated its anti-virus software to detect and remove the offending program. Windows Defender, which is preinstalled on Windows 8, and Microsoft Security Essentials, the free-to-download equivalent for Windows 7, have both had their virus definitions updated to detect Superfish.
Where previously removing Superfish was quite a tricky and unclear process for most novice users, the process has been made incredibly simple and easy, with Windows Defender and Security Essentials both able to completely remove the software automatically. Even those users who were unaware of Superfish will have it removed now as well.
Microsoft has really saved the day, as it were, resolving the problem for many, if not most, of those affected by Superfish, especially considering the fact that all installations of Windows 8 come with Windows Defender.
This is the first direct apology from the company since news broke yesterday revealing the potentially devastating nature of ‘Superfish’. The software has been installed on many new Lenovo PCs since September, and initially appeared to be simply annoying adware. As bad as it was that a major manufacturer purposely installed adware on new PCs, the software was found to be potentially dangerous too, as it contained a certificate that allowed it to intercept seemingly secure connections to websites.
Lenovo initially said that it was “investigating” the claims, but has now come out with its first apology. An apology that many will be glad to see.
Lenovo has been caught installing adware on new PCs. The software is called Superfish and on the face of it, the software appears to be your standard annoying adware with third-party ads plastered on various websites. It also has those terrible popup ads. However, some have suggested that this software may well be more dangerous than annoying.
Superfish essentially injects ads into pages like Google that appear to match your search results. It seemingly does so in Chrome and Internet Explorer. It also produces annoying popups – something very common with adware. The thing is, Superfish is currently being disabled on new Lenovo machines after many users complained of such annoying popups. Now you’d think that’s a good thing, and that this story is now pointless as a result; well, that certainly isn’t the case.
Lenovo community administrator, Mark Hopkins, said that the company would be temporarily removing the software on new systems due to these complaints. Shockingly, he said that the popups were “issues” that needed a “fix”, defending the software as useful in that it “instantly analyzes images on the web and presents identical and similar product offers that may have lower prices.”
It doesn’t stop there. There are now reports that Superfish is dangerous as well as annoying. It appears that the software is implementing a man-in-the-middle attack by using a self-signed certificate authority, which allows it to decrypt secure connections, such as those to your bank account or when you’re making a purchase.
If all of this is true, it’s terrible for Lenovo, a trusted PC manufacturer, to be doing this to users’ computers new out of the box. Let’s hope Lenovo has something to say about it.