Lenovo backtracks, issues Superfish security alert

By on
Lenovo backtracks, issues Superfish security alert

US delivers official warning about traffic intercepting adware.

PC giant Lenovo has acknowledged that adware it pre-loaded on several notebooks can be used in man-in-the-middle interception attacks.

Lenovo originally said the Superfish adware was installed to "enhance the experience for users", attempting to play down concerns over the adware installing a fake digital certificate that gave it full access to customers' Transport Layer Security (TLS) authenticated and secure web browsing sessions.

A researcher was able to easily extract the private key to the fake Superfish certificate, which would allow anyone on the same network as a target user to intercept and modify TLS traffic.

The United States Computer Emergency Readiness Team (US-CERT) is now warning users to uninstall Superfish and the fake certificate, to avoid falling victim to HTTPS spoofing.

Lenovo has itself issued the LEN-2015-101 security advisory about the Superfish vulnerability, listing a range of notebooks that had the adware pre-loaded between September 2014 and February this year.

Over the weekend it released a tool that removes the bogus certificate as well as the software.

Microsoft also this weekend released updated definitions for its Defender anti-malware program, which now recognises the "Trojan:Win32/Superfish.A" adware and removes it, and resets the Windows certificate store.

Superfish CEO Adi Pinhas issued a statement blaming Israeli company Komodia - which built the SSL redirector application used in the adware - for the vulnerability.

US-CERT noted that the Komodia redirector, which it said installs non-unique root digital certificates and private keys which in turn make systems "broadly vulnerable to HTTPS spoofing," is used by several other vendors as well.

In addition to sharing root CA certificates across installation, it has been reported that the SSL validation that Komodia itself performs is broken. This vulnerability can allow an attacker to universally attack all installations of Komodia Redirector, rather than needing to focus on a single application/certificate. 

- US-CERT

On systems with the Komodia SSL redirector installed, attackers can spoof and intercept HTTPS traffic without triggering browser certificate warnings, US-CERT warned.

The organisation advised users to uninstall the Komodia SSL redirector and its associated certificates from their systems.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
dhs komodia lenovo microsoft mitm security superfish tlsssl
In Partnership With

Most Read Articles

The techies who ran for office in the 2019 federal election

The techies who ran for office in the 2019 federal election
NAB switches on Apple Pay

NAB switches on Apple Pay
CBA exodus for 10,000 technology and operations staff begins

CBA exodus for 10,000 technology and operations staff begins
Game and shame: Internet providers called out again on NBN speed claims

Game and shame: Internet providers called out again on NBN speed claims
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

How to drive revenue and increase loyalty through customer experience in retail
How to drive revenue and increase loyalty through customer experience in retail
Stop Parasites on your Network with Sophos
Stop Parasites on your Network with Sophos
Stop your Oracle database slowing down your business
Stop your Oracle database slowing down your business
How Macquarie University has prepared for fire and flood
How Macquarie University has prepared for fire and flood
Guide to Fully-Composable Software-Defined Private Cloud
Guide to Fully-Composable Software-Defined Private Cloud

Events

Log In

Username / Email:
Password:
  |  Forgot your password?