Lenovo backtracks, issues Superfish security alert

By on
Lenovo backtracks, issues Superfish security alert

US delivers official warning about traffic intercepting adware.

PC giant Lenovo has acknowledged that adware it pre-loaded on several notebooks can be used in man-in-the-middle interception attacks.

Lenovo originally said the Superfish adware was installed to "enhance the experience for users", attempting to play down concerns over the adware installing a fake digital certificate that gave it full access to customers' Transport Layer Security (TLS) authenticated and secure web browsing sessions.

A researcher was able to easily extract the private key to the fake Superfish certificate, which would allow anyone on the same network as a target user to intercept and modify TLS traffic.

The United States Computer Emergency Readiness Team (US-CERT) is now warning users to uninstall Superfish and the fake certificate, to avoid falling victim to HTTPS spoofing.

Lenovo has itself issued the LEN-2015-101 security advisory about the Superfish vulnerability, listing a range of notebooks that had the adware pre-loaded between September 2014 and February this year.

Over the weekend it released a tool that removes the bogus certificate as well as the software.

Microsoft also this weekend released updated definitions for its Defender anti-malware program, which now recognises the "Trojan:Win32/Superfish.A" adware and removes it, and resets the Windows certificate store.

Superfish CEO Adi Pinhas issued a statement blaming Israeli company Komodia - which built the SSL redirector application used in the adware - for the vulnerability.

US-CERT noted that the Komodia redirector, which it said installs non-unique root digital certificates and private keys which in turn make systems "broadly vulnerable to HTTPS spoofing," is used by several other vendors as well.

In addition to sharing root CA certificates across installation, it has been reported that the SSL validation that Komodia itself performs is broken. This vulnerability can allow an attacker to universally attack all installations of Komodia Redirector, rather than needing to focus on a single application/certificate. 

- US-CERT

On systems with the Komodia SSL redirector installed, attackers can spoof and intercept HTTPS traffic without triggering browser certificate warnings, US-CERT warned.

The organisation advised users to uninstall the Komodia SSL redirector and its associated certificates from their systems.

Copyright © iTnews.com.au . All rights reserved.
Tags:
dhs komodia lenovo microsoft mitm security superfish tlsssl

Most Read Articles

Petya damage to TNT Express systems is likely permanent

Petya damage to TNT Express systems is likely permanent
Meet WooliesX, the new digital arm of Woolworths

Meet WooliesX, the new digital arm of Woolworths
AWS warns users about open S3 buckets

AWS warns users about open S3 buckets
Why you should care about the govt's encryption crackdown

Why you should care about the govt's encryption crackdown
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Optimising Enterprise Data Centres for the Cloud
Optimising Enterprise Data Centres for the Cloud
Growing companies have a growing interest in technology
Growing companies have a growing interest in technology
RSA NetWitness® Endpoint. Respond 3X Faster to Threats
RSA NetWitness® Endpoint. Respond 3X Faster to Threats
Building platforms for future health and education
Building platforms for future health and education
Breach Level Index Report
Breach Level Index Report

Events

Log In

Username:
Password:
|  Forgot your password?