Lenovo backtracks, issues Superfish security alert

By on
Lenovo backtracks, issues Superfish security alert

US delivers official warning about traffic intercepting adware.

PC giant Lenovo has acknowledged that adware it pre-loaded on several notebooks can be used in man-in-the-middle interception attacks.

Lenovo originally said the Superfish adware was installed to "enhance the experience for users", attempting to play down concerns over the adware installing a fake digital certificate that gave it full access to customers' Transport Layer Security (TLS) authenticated and secure web browsing sessions.

A researcher was able to easily extract the private key to the fake Superfish certificate, which would allow anyone on the same network as a target user to intercept and modify TLS traffic.

The United States Computer Emergency Readiness Team (US-CERT) is now warning users to uninstall Superfish and the fake certificate, to avoid falling victim to HTTPS spoofing.

Lenovo has itself issued the LEN-2015-101 security advisory about the Superfish vulnerability, listing a range of notebooks that had the adware pre-loaded between September 2014 and February this year.

Over the weekend it released a tool that removes the bogus certificate as well as the software.

Microsoft also this weekend released updated definitions for its Defender anti-malware program, which now recognises the "Trojan:Win32/Superfish.A" adware and removes it, and resets the Windows certificate store.

Superfish CEO Adi Pinhas issued a statement blaming Israeli company Komodia - which built the SSL redirector application used in the adware - for the vulnerability.

US-CERT noted that the Komodia redirector, which it said installs non-unique root digital certificates and private keys which in turn make systems "broadly vulnerable to HTTPS spoofing," is used by several other vendors as well.

In addition to sharing root CA certificates across installation, it has been reported that the SSL validation that Komodia itself performs is broken. This vulnerability can allow an attacker to universally attack all installations of Komodia Redirector, rather than needing to focus on a single application/certificate. 

- US-CERT

On systems with the Komodia SSL redirector installed, attackers can spoof and intercept HTTPS traffic without triggering browser certificate warnings, US-CERT warned.

The organisation advised users to uninstall the Komodia SSL redirector and its associated certificates from their systems.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
dhs komodia lenovo microsoft mitm security superfish tlsssl
In Partnership With

Most Read Articles

NBN Co plots upload speed cut to fixed wireless

NBN Co plots upload speed cut to fixed wireless
Govt finally reveals how it plans to target encryption

Govt finally reveals how it plans to target encryption
Broadband tax revived as Labor backs plan

Broadband tax revived as Labor backs plan
NAB applies microservices to its team structure

NAB applies microservices to its team structure
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Report: ANZ IT Decision Makers - Top Priorities for Endpoint Security 2018
Report: ANZ IT Decision Makers - Top Priorities for Endpoint Security 2018
Managed Security Service Providers for Dummies
Managed Security Service Providers for Dummies
The Cost of Cloud Expertise report
The Cost of Cloud Expertise report
The business case for hyperconvergence
The business case for hyperconvergence
What Every CIO Should Know about DevOps & Container Guides by Puppet
What Every CIO Should Know about DevOps & Container Guides by Puppet

Events

Log In

Username / Email:
Password:
  |  Forgot your password?