Lenovo backtracks, issues Superfish security alert

By on
Lenovo backtracks, issues Superfish security alert

US delivers official warning about traffic intercepting adware.

PC giant Lenovo has acknowledged that adware it pre-loaded on several notebooks can be used in man-in-the-middle interception attacks.

Lenovo originally said the Superfish adware was installed to "enhance the experience for users", attempting to play down concerns over the adware installing a fake digital certificate that gave it full access to customers' Transport Layer Security (TLS) authenticated and secure web browsing sessions.

A researcher was able to easily extract the private key to the fake Superfish certificate, which would allow anyone on the same network as a target user to intercept and modify TLS traffic.

The United States Computer Emergency Readiness Team (US-CERT) is now warning users to uninstall Superfish and the fake certificate, to avoid falling victim to HTTPS spoofing.

Lenovo has itself issued the LEN-2015-101 security advisory about the Superfish vulnerability, listing a range of notebooks that had the adware pre-loaded between September 2014 and February this year.

Over the weekend it released a tool that removes the bogus certificate as well as the software.

Microsoft also this weekend released updated definitions for its Defender anti-malware program, which now recognises the "Trojan:Win32/Superfish.A" adware and removes it, and resets the Windows certificate store.

Superfish CEO Adi Pinhas issued a statement blaming Israeli company Komodia - which built the SSL redirector application used in the adware - for the vulnerability.

US-CERT noted that the Komodia redirector, which it said installs non-unique root digital certificates and private keys which in turn make systems "broadly vulnerable to HTTPS spoofing," is used by several other vendors as well.

In addition to sharing root CA certificates across installation, it has been reported that the SSL validation that Komodia itself performs is broken. This vulnerability can allow an attacker to universally attack all installations of Komodia Redirector, rather than needing to focus on a single application/certificate. 

- US-CERT

On systems with the Komodia SSL redirector installed, attackers can spoof and intercept HTTPS traffic without triggering browser certificate warnings, US-CERT warned.

The organisation advised users to uninstall the Komodia SSL redirector and its associated certificates from their systems.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
dhs komodia lenovo microsoft mitm security superfish tlsssl
In Partnership With

Most Read Articles

Aussie banks warn customers after fresh PayID data breach

Aussie banks warn customers after fresh PayID data breach
NBN Co's FTTC and HFC build costs rise again

NBN Co's FTTC and HFC build costs rise again
Morrison vows to tame Centrelink IT "beast"

Morrison vows to tame Centrelink IT "beast"
Australia will now headhunt tech talent for permanent residency

Australia will now headhunt tech talent for permanent residency
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Is your AWS framework well-architected?
Is your AWS framework well-architected?
Why you should reassess your cybersecurity posture
Why you should reassess your cybersecurity posture
How will you manage the cloud data deluge?
How will you manage the cloud data deluge?
Follow these steps to prevent targeted attacks
Follow these steps to prevent targeted attacks
Your mobile devices may not be secure – learn how to fix that
Your mobile devices may not be secure – learn how to fix that

Events

Log In

Username / Email:
Password:
  |  Forgot your password?