Researchers: Lenovo laptops ship with adware that hijacks HTTPS connections | ZDNet

Chinese hardware manufacturer Lenovo has come under fire for allegedly shipping consumer Windows laptops with software that hijacks secure website connections, as well as inserting ads into search results.

By Chris Duckett | February 19, 2015 -- 06:46 GMT (22:46 PST) | Topic: Security

Lenovo has been pilloried by a number of security experts for shipping software in its consumer Windows devices that not only injects advertising into search engine results, but also has the capability to intercept and hijack SSL/TLS connections to websites, thanks to the installation of a self-signing certificate authority on affected machines.

A Superfish certificate claiming to be Bank of America (Image: Chris Palmer)

The issue has remained latent since Mark Hopkins, a Lenovo social media program manager, confirmed in January that the company was installing the Superfish Visual Discovery software on some of its products in order to serve ads.

"Due to some issues (browser pop-up behavior, for example) with the Superfish Visual Discovery browser add-on, we have temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues. As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues," Hopkins wrote in a Lenovo forum.

"To be clear, Superfish comes with Lenovo consumer products only, and is a technology that helps users find and discover products visually. The technology instantly analyzes images on the web and presents identical and similar product offers that may have lower prices, helping users search for images without knowing exactly what an item is called or how to describe it in a typical text-based search engine."

Hopkins said that the software does not monitor user behaviour, with each session being independent.

"When using Superfish for the first time, the user is presented the Terms of User and Privacy Policy, and has option not to accept these terms, ie, Superfish is then disabled," Hopkins said.

However, another user on Lenovo's forums discovered that Superfish was installing its own self-signed root certificate authority, allowing the Superfish software to conduct a man-in-the-middle (MITM) attack and view the contents of any connections that should be encrypted.

A Google security engineer, Chris Palmer, confirmed on Twitter that Superfish was intercepting SSL/TLS connections and injecting its own self-signed certificates for all sites on a Yoga 2 laptop, including for Bank of America.

The installation of Superfish onto new Lenovo laptops has seen a number of customers complain that the software was interfering with other digital certificates, as well as smart card readers.

Potentially most damaging of all, Palmer has confirmed with one other affected user that the certificates used share the same key, which leaves any impacted Lenovo user vulnerable to an attack from anyone able to extract the certificate's private key, with the user left without any warning or notice of such an attack.

The only way to remove Superfish appears to be reinstalling Windows from a non-Lenovo image, or moving to another operating system -- uninstalling the Superfish software can reportedly leave the root certificate authority behind.

Lenovo was approached for comment, but had not responded by the time of writing.
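
The article reports that uninstalling Superfish can leave its root certificate authority in place. The following read-only audit of the Windows trusted-root stores is an added example, not code from the article, Lenovo or Superfish. It assumes the leftover certificate carries the string "Superfish" in its Subject or Issuer; the function name and the match string are illustrative.

```powershell
# Added example: read-only audit of the Windows trusted-root stores.
# Assumption: the leftover root CA names "Superfish" in its Subject or Issuer.
param(
    [string]$NamePattern = 'Superfish'   # assumed match string, adjust as needed
)

function Find-TrustedRootByName {
    param([Parameter(Mandatory)][string]$Pattern)

    # Check the machine-wide store and the current user's view of trusted roots.
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

    foreach ($store in $stores) {
        if (-not (Test-Path -Path $store)) { continue }

        Get-ChildItem -Path $store |
            Where-Object { $_.Subject -match $Pattern -or $_.Issuer -match $Pattern } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $store
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    NotAfter      = $_.NotAfter
                    # A root CA is self-signed: subject and issuer are identical.
                    SelfSigned    = ($_.Subject -eq $_.Issuer)
                    HasPrivateKey = $_.HasPrivateKey
                }
            }
    }
}

$hits = @(Find-TrustedRootByName -Pattern $NamePattern)
if ($hits.Count -eq 0) {
    Write-Output "No trusted root matching '$NamePattern' found."
} else {
    $hits | Format-List
    # The per-user view can repeat machine-wide entries, so count distinct thumbprints.
    $distinct = @($hits.Thumbprint | Sort-Object -Unique).Count
    Write-Warning "$distinct matching trusted root certificate(s) still installed."
}
```

A hit after the software has been uninstalled means Windows still trusts certificates issued under that root.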