One of the most popular computer manufacturers Lenovo is being criticized for selling laptops pre-installed with invasive marketing software, or malware that, experts say, opens up a door for hackers and cyber crooks.
The software, dubbed ‘Superfish Malware’, analyzes users’ Internet habits and injects third-party advertising into websites on browsers such as Google Chrome and Internet Explorer based on that activities without the user’s permission.
Security researchers recently discovered Superfish Malware presents onto new consumer-grade Lenovo computers sold before January of 2015. When taken out of the box for the first time, the adware gets activated and because it comes pre-installed, Lenovo customers might end up using it inadvertently.
SUPERFISH CERTIFICATE PASSWORD CRACKED
The Superfish Malware raised serious security concerns about the company’s move for breaking fundamental web security protocols, carrying out "Man in the Middle" (MitM) attacks - impersonating the security certificates of encrypted websites in order to monitor users’ behavior even on protected sites.
This would trouble Lenovo users because MitM attack can open a door for hackers to potentially compromise the sensitive information of any customer affected by Superfish - like passwords or banking details - because users’ data isn't actually being protected.
Anyone with the password that unlocks that single password-protected certificate authority would be able to completely bypass the computer's web encryption.