
Lenovo installed software making laptops vulnerable to hacking


40 replies to this topic

#1 JohnC_21

JohnC_21

  • Members
  • 24,009 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:32 PM

Posted 19 February 2015 - 08:13 AM

BEIJING (Reuters) - China's Lenovo Group Ltd, the world's largest PC maker, had pre-installed a virus-like software on laptops that makes the devices more vulnerable to hacking, cybersecurity experts said on Thursday.

Users reported as early as last June that a program called Superfish pre-installed by Lenovo on consumer laptops was 'adware', or software that automatically displays adverts.

Robert Graham, CEO of U.S.-based security research firm Errata Security, said Superfish was malicious software that hijacks and throws open encrypted connections, paving the way for hackers to also commandeer these connections and eavesdrop, in what is known as a man-in-the-middle attack.

 

 

http://news.yahoo.com/lenovo-installed-software-making-laptops-vulnerable-hacking-experts-111931281--finance.html





#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,480 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:32 PM

Posted 19 February 2015 - 08:54 AM

Always look for the "Made in China" label.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:12:32 AM

Posted 19 February 2015 - 09:08 AM

I'm using a Lenovo laptop, but it's because I don't have any other choices... :lmao:

Alex

#4 quietman7


Posted 19 February 2015 - 09:23 AM

More news links...
How Lenovo's Superfish 'Malware' Works And What You Can Do To Kill It

To find out if you’re affected, locate Windows’ list of trusted certificates by opening up the Control Panel and searching for “certificates”. This will bring up Administrative Tools and a “manage computer certificates” option. Click on the “Trusted Root Certification Authorities” option and then “Certificates”. This will bring up a list of certificates. If you see one with Superfish Inc attached to it, you may be vulnerable.

Even users who do find it, uninstalling the program does not get rid of the problem, as that will not remove the certificate. So for anyone concerned that Superfish is still swimming around their computer, the best option might be to back everything up on their systems and install a new operating system. It might be a good excuse to upgrade to a more secure OS anyway.


Lenovo laptops ship with adware that hijacks HTTPS connections
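The certificate check described in the article quoted above, as an added PowerShell example that is not part of the original post or the linked article. It searches the machine-wide and per-user trusted root stores for a certificate whose subject or issuer contains "Superfish"; the function name Find-RootCertByName is hypothetical.

```powershell
# Added example: audit the Windows trusted root stores for a named certificate.
# The match string "Superfish" comes from the article quoted above;
# the function name Find-RootCertByName is hypothetical.
function Find-RootCertByName {
    param(
        [string]$Pattern = 'Superfish',
        # Windows trusts roots from both the machine-wide and the per-user store.
        [string[]]$StorePaths = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    )
    foreach ($path in $StorePaths) {
        if (-not (Test-Path -Path $path)) { continue }
        Get-ChildItem -Path $path |
            Where-Object { $_.Subject -like "*$Pattern*" -or $_.Issuer -like "*$Pattern*" } |
            ForEach-Object {
                # Emit one record per match so the result can be filtered or exported.
                [pscustomobject]@{
                    Store      = $path
                    Subject    = $_.Subject
                    Issuer     = $_.Issuer
                    Thumbprint = $_.Thumbprint
                    NotAfter   = $_.NotAfter
                }
            }
    }
}

$hits = @(Find-RootCertByName)
if ($hits.Count -eq 0) {
    Write-Output 'No matching certificate found in the trusted root stores.'
} else {
    # A hit means the root is still trusted, whether or not the program is installed.
    $hits | Format-List
}
```

Run it again after uninstalling the program, since the article notes that uninstalling does not remove the certificate.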

#5 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:32 PM

Posted 19 February 2015 - 10:19 AM

Currently using a Lenovo ThinkPad T540p at work. The new laptops we give to employees are T540p and T440s and we just ordered two new models of Lenovo ThinkPad... Oupsies. However, they all have our custom Windows images installed on them, so I guess we're fine.

Edited by Aura., 19 February 2015 - 10:20 AM.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#6 Sintharius


Posted 19 February 2015 - 10:21 AM

My laptop has the HDD replaced (the old one was dying), so I guess I'm fine.

Alex

#7 Aura


Posted 19 February 2015 - 11:25 AM

I could try to actually configure the next Lenovo laptop we receive at work to see if I can find the certificates and other malicious items. That should be interesting.



#8 JohnC_21


Posted 19 February 2015 - 02:08 PM

Website to test for SuperFish

 

https://filippo.io/Badfish/

 

How to paint yourself into a corner (Lenovo edition)

 

The problem here is not just that this is a lousy idea. It’s that Lenovo used the same certificate on every single Laptop it shipped with Superfish. And since the proxy software also requires the corresponding private key to decrypt and modify your web sessions, that private key was also shipped on every laptop. It took all of a day for a number of researchers to find that key and turn themselves into Lenovo-eating interception proxies. This sucks for Lenovo users.

 



#9 Aura


Posted 19 February 2015 - 02:12 PM

It's really sad to see something like that happen. For one, I really like Lenovo laptops, I find them performing and elegant at the same time. I guess that I'll have to look at them on another eye now. Weren't they also the ones who shipped computers and laptops with an OEM software of a toolbar that was made with the "Conduit Engine"?



#10 quietman7


Posted 19 February 2015 - 02:17 PM

From the link provided by JohnC_21...Superfish removal guide

#11 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,252 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:09:32 AM

Posted 19 February 2015 - 06:33 PM

 

One of the most popular computer manufacturers Lenovo is being criticized for selling laptops pre-installed with invasive marketing software, or malware that, experts say, opens up a door for hackers and cyber crooks.
 
The software, dubbed ‘Superfish Malware’, analyzes users’ Internet habits and injects third-party advertising into websites on browsers such as Google Chrome and Internet Explorer based on that activities without the user’s permission.
 
Security researchers recently discovered Superfish Malware presents onto new consumer-grade Lenovo computers sold before January of 2015. When taken out of the box for the first time, the adware gets activated and because it comes pre-installed, Lenovo customers might end up using it inadvertently.
 
SUPERFISH CERTIFICATE PASSWORD CRACKED
The Superfish Malware raised serious security concerns about the company’s move for breaking fundamental web security protocols, carrying out "Man in the Middle" (MitM) attacks - impersonating the security certificates of encrypted websites in order to monitor users’ behavior even on protected sites.
 
This would trouble Lenovo users because MitM attack can open a door for hackers to potentially compromise the sensitive information of any customer affected by Superfish - like passwords or banking details - because users’ data isn't actually being protected.
 
Anyone with the password that unlocks that single password-protected certificate authority would be able to completely bypass the computer's web encryption.
 
 

According to a post by Errata Security's Robert David Graham, he cracked and published the password which was stored in the Superfish software's active memory and was trivial to extract. So, one could imagine the loss, if the same would be done by any hacker or cyber crook.

 

Lenovo Shipping PCs with Pre-Installed 'Superfish Malware' that Kills HTTPS

 

 

Arch Linux


#12 Sintharius


Posted 19 February 2015 - 07:00 PM

Sorry Nick, but someone else already posted it here.

Alex

#13 Crazy Cat

Crazy Cat

  • Members
  • 808 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:11:32 AM

Posted 19 February 2015 - 07:31 PM

How to remove the Superfish malware: What Lenovo doesn’t tell you. http://arstechnica.com/security/2015/02/how-to-remove-the-superfish-malware-what-lenovo-doesnt-tell-you/
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 



#14 quietman7


Posted 19 February 2015 - 08:29 PM

Sorry Nick, but someone else already posted it here.

Alex

The topics have been merged.

#15 quietman7


Posted 20 February 2015 - 12:37 PM

Microsoft has updated Windows Defender to root out the Superfish bug



