What You Need to Know About Superfish, The man-in-the-middle Adware Installed on Lenovo PCs

Lenovo PCs apparently come with pre-installed adware that uses a man-in-the-middle technique to inject ads into any page, however trusted and secure the site is.

This was first noticed by Lenovo users and posted on the Lenovo forums. Researcher and Lenovo user Marc Rogers has also published a detailed analysis on his blog.

He writes:

A pretty shocking thing came to light this evening – Lenovo is installing adware that uses a “man-in-the-middle” attack to break secure connections on affected laptops in order to access sensitive data and inject advertising. As if that wasn’t bad enough, they installed a weak certificate into the system in a way that means affected users cannot trust any secure connections they make – TO ANY SITE.


The adware, called Superfish Visual Discovery, also presents its own SSL certificates for the sites it intercepts. This is only possible because a self-signed root certificate from its own certificate authority (installed by Lenovo, in this case) has been added to the system's trusted root store, so the browser accepts the forged certificates without any warning.

Another user, Kenny White, tweeted:

Thus Lenovo is fraudulently using malware to intercept secure connections and collect the unencrypted data, as a poster on the Lenovo forums showed. Lenovo, however, disagrees. A Lenovo administrator took to the forum to explain what Superfish does:

“To be clear, Superfish comes with Lenovo consumer products only and is a technology that helps users find and discover products visually. The technology instantly analyzes images on the web and presents identical and similar product offers that may have lower prices, helping users search for images without knowing exactly what an item is called or how to describe it in a typical text-based search engine,” he said.

“Superfish technology is purely based on contextual/image and not behavioral. It does not profile nor monitor user behavior. It does not record user information. It does not know who the user is. Users are not tracked nor re-targeted. Every session is independent. When using Superfish for the first time, the user is presented the Terms of Use and Privacy Policy, and has the option not to accept these terms, i.e., Superfish is then disabled.”

The harmful and irksome behaviours of Superfish Visual Discovery are listed below:

  • Hijacks legitimate connections.
  • Monitors user activity.
  • Collects personal information and uploads it to its servers.
  • Injects advertising into legitimate pages.
  • Displays pop-ups with advertising.
  • Uses man-in-the-middle attack techniques to crack open secure connections.
  • Presents users with its own fake certificate instead of the legitimate site’s certificate.
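The interception described above, and in the paragraph on Superfish's own SSL certificates, only works because a self-signed root certificate that the interceptor holds the private key for sits in the Windows trusted root store. The script below is an added example for checking a PC for that condition; it is not code from the article, from Lenovo or from Superfish. It assumes the interceptor's root lives in the machine-wide store with its private key on the same PC (the article does not state where Superfish keeps its key, so that is an assumption), and the name match on "Superfish" is taken from the article rather than from an inspected certificate.

```powershell
# Added example, not part of the original article.
# Enumerate trusted root CAs in the machine-wide store.
$roots = Get-ChildItem -Path Cert:\LocalMachine\Root

# A genuine public root CA never ships its private key to end users.
# On a consumer PC, a self-signed trusted root that DOES have a private
# key available locally is what a local TLS interception proxy needs in
# order to mint certificates for any site, so it is flagged for review.
$suspect = $roots | Where-Object {
    ($_.Subject -eq $_.Issuer) -and $_.HasPrivateKey
}

Write-Host "Self-signed trusted roots with a local private key:"
$suspect | Select-Object Subject, Thumbprint, NotAfter | Format-Table -AutoSize

# Also flag any trusted root whose subject names Superfish. The name comes
# from the article; matching on it is an assumption about the certificate.
Write-Host "Trusted roots whose subject mentions Superfish:"
$roots | Where-Object { $_.Subject -like '*Superfish*' } |
    Select-Object Subject, Thumbprint, NotAfter | Format-Table -AutoSize

# The per-user root store can carry the same kind of entry, so repeat the
# check there before concluding the PC is clean.
Get-ChildItem -Path Cert:\CurrentUser\Root |
    Where-Object { ($_.Subject -eq $_.Issuer) -and $_.HasPrivateKey } |
    Select-Object Subject, Thumbprint, NotAfter | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the machine store is readable. An empty result from every table is the expected state on a consumer laptop; any entry listed should be compared against the roots Windows itself ships before it is trusted again, and removing a flagged root alone does not remove the software that installed it.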

The Lenovo administrator stated that Lenovo has temporarily removed Superfish from its customers' PCs until the issues raised in the forum and by cyber-security experts are addressed. For the PCs already sold or being held as inventory by stores, Lenovo said: “As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues.”

The Superfish malware issue shows how major tech companies use their market monopolies to victimize users with unwanted and dangerous strategies.