Lenovo backtracks, issues Superfish security alert

By on
Lenovo backtracks, issues Superfish security alert

US delivers official warning about traffic intercepting adware.

PC giant Lenovo has acknowledged that adware it pre-loaded on several notebooks can be used in man-in-the-middle interception attacks.

Lenovo originally said the Superfish adware was installed to "enhance the experience for users", attempting to play down concerns over the adware installing a fake digital certificate that gave it full access to customers' Transport Layer Security (TLS) authenticated and secure web browsing sessions.

A researcher was able to easily extract the private key to the fake Superfish certificate, which would allow anyone on the same network as a target user to intercept and modify TLS traffic.

The United States Computer Emergency Readiness Team (US-CERT) is now warning users to uninstall Superfish and the fake certificate, to avoid falling victim to HTTPS spoofing.

Lenovo has itself issued the LEN-2015-101 security advisory about the Superfish vulnerability, listing a range of notebooks that had the adware pre-loaded between September 2014 and February this year.

Over the weekend it released a tool that removes the bogus certificate as well as the software.

Microsoft also this weekend released updated definitions for its Defender anti-malware program, which now recognises the "Trojan:Win32/Superfish.A" adware and removes it, and resets the Windows certificate store.

Superfish CEO Adi Pinhas issued a statement blaming Israeli company Komodia - which built the SSL redirector application used in the adware - for the vulnerability.

US-CERT noted that the Komodia redirector, which it said installs non-unique root digital certificates and private keys which in turn make systems "broadly vulnerable to HTTPS spoofing," is used by several other vendors as well.

In addition to sharing root CA certificates across installation, it has been reported that the SSL validation that Komodia itself performs is broken. This vulnerability can allow an attacker to universally attack all installations of Komodia Redirector, rather than needing to focus on a single application/certificate. 

- US-CERT

On systems with the Komodia SSL redirector installed, attackers can spoof and intercept HTTPS traffic without triggering browser certificate warnings, US-CERT warned.

The organisation advised users to uninstall the Komodia SSL redirector and its associated certificates from their systems.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
dhs komodia lenovo microsoft mitm security superfish tlsssl

Most Read Articles

Centrelink's new payments engine enters build phase

Centrelink's new payments engine enters build phase
Defence worried its $1.8bn Telstra-built network needs urgent action

Defence worried its $1.8bn Telstra-built network needs urgent action
NAB to restructure IT, cut staff

NAB to restructure IT, cut staff
Inside NEXTDC's new Sydney data centre, S2

Inside NEXTDC's new Sydney data centre, S2
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Government Digital Transformation Requires Customer Obsession
Government Digital Transformation Requires Customer Obsession
Master the fundamentals of AWS cost efficiency
Master the fundamentals of AWS cost efficiency
Get IT, finance and business on the same page
Get IT, finance and business on the same page
Why is DevSecOps important to your business?
Why is DevSecOps important to your business?
Architecting Hybrid IT & Edge for Digital Advantage
Architecting Hybrid IT & Edge for Digital Advantage

Events

Log In

Username / Email:
Password:
  |  Forgot your password?