Lenovo, the famous PC maker has apologized its users after report of Superfish malware humiliated it across the media. Lenovo is yet to explain how this blunder became possible. On the other hand, Microsoft reacted quickly and gave an update in Windows defender, which completely grilled Superfish. A lot of Lenovo users have thanked Microsoft on this quick step.
Superfish helps users find and discover products visually, it instantly analyze the images on the website and offer the similar products in lower prices. Lenovo claims that it was unaware of this software which can grant hackers to have access to a user’s secure browser data, allowing third parties to potentially collect passwords, bank details and other sensitive information. Even the CTO of the Lenovo company, Peter Hortensius, said in an interview that they have made a mistake.
This software was included in some models of laptops which were sold worldwide between September and December. After receiving complaints from the users it they discontinued to pre-install it on to the laptops. This software is developed by the company named Superfish (same name as of its software) with base in Tel Aviv and Palo Alto and was also recently ranked 4th on a list of fastest growing companies in US.
This software actually installs its own self-signed certificate which is a malicious technique known as man-in-middle attack, where the certificate allows the software to decrypt secure requests. The biggest threat in the security point of view is that hackers could use Superfish encryption methods and mistreat them to intercept other people’s traffic. For example, if someone is sitting in a coffee shop and is using public Wi-Fi then the owner could easily spy on any Lenovo user on network, collecting any password entered during the session.
Meanwhile, Lenovo is not pre-installing the software in the Lenovo machines. As some machines still have this software so they have asked the users to post on their forum in case of any concerns and they have also released full instructions on how to fully remove Superfish from their machines. A developer has also made a website which helps Lenovo users to know that if they are affected by security certificate and helps them on how to resolve those issues.
Check if you are affected by this malware by clicking this link