New Delhi: This week we came across Superfish - a fishy piece of adware spotted in Lenovo's consumer notebooks that left the devices open to vulnerabilities.
While Lenovo issued statements saying the application was meant to enhance the online shopping experience of Lenovo notebook users, it also acknowledged that it was a bigger security issue, one that earned it a classification as spyware from the US Department of Homeland Security.
So what is Superfish, how was it spotted and what are the implications of the malware for users? Here's a handy guide to the Superfish controversy and what you should do if you use a Lenovo notebook:
What is Superfish?
Superfish is software that Lenovo pre-installed on some of its consumer laptops as what the company says is a 'shopping aid' to help users find alternative sources or ideas to enhance their shopping experience. The software installs its own root certificate on machines as a means to bypass secure connections, which means it can break the encryption that certificates provide on the device in order to quietly include more ads on Google search.
What is the security issue with Superfish?
Although meant to benefit customers, Superfish leaves a security loophole when it intercepts secure connections, and a malicious hacker could easily steal the sensitive user data one uses to shop online, such as bank details, email, phone numbers, etc.
Although there have not been any reports of attacks due to the vulnerability, Lenovo's CTO Peter Hortensius admitted in an interview with Mashable that there was a way attacks could be carried out.
Superfish breaks HTTPS in order to insert ads, and that is where the vulnerability lies.
Why did this happen?
Despite standard security audits being run, Superfish was still installed on Lenovo notebooks, and it was only this week that the vulnerability came to light. Lenovo's CTO acknowledged that the security loophole was evidently missed by their teams and that there is indeed a possibility of Superfish facilitating attacks.
Is there nothing that can be done?
Lenovo notebook users need not panic, as the software can be opted out of and the device can easily be restored. Following the discovery of the security loophole, Lenovo has issued a set of automated tools to remove the adware. Alternatively, the company has published a step-by-step guide to help users uninstall the software manually.
Hortensius further clarified that the financial arrangement that went into placing Superfish in users' notebooks was minor and was by no means intended to put user security at risk.
Lenovo is working with both Microsoft and McAfee to develop tools that will quarantine the app or remove it entirely. If you have a Lenovo notebook and have Superfish as a pre-installed app, you simply need to update your Windows Defender. An updated Windows Defender has been found to actively root out Superfish on its own and restore the device securely.
The company has also published its removal tool's source code for scrutiny so that no loopholes are left untreated.
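As an added example (not Lenovo's removal tool and not code from this article), the read-only PowerShell check below lists any certificate still present in the Windows trusted-root stores whose subject or issuer contains "Superfish", which is one way to confirm after cleanup that the root certificate described above is gone. The function name and the assumption that the certificate's name contains the product name are this example's own.

```powershell
# Added example: read-only audit of the Windows trusted-root stores.
# Assumption: the interception certificate carries "Superfish" in its
# subject or issuer name. $Pattern is a regular expression; change it to
# audit for a different product. Nothing is modified or deleted.
function Find-TrustedRootByName {
    param(
        [string]$Pattern = 'Superfish'
    )
    $x509 = 'System.Security.Cryptography.X509Certificates'
    foreach ($location in 'LocalMachine', 'CurrentUser') {
        $storeLocation = [Enum]::Parse([type]"$x509.StoreLocation", $location)
        $store = New-Object "$x509.X509Store" ('Root', $storeLocation)
        try {
            # ReadOnly: this is an audit, so never open the store for writing.
            $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
            foreach ($cert in $store.Certificates) {
                if ($cert.Subject -match $Pattern -or $cert.Issuer -match $Pattern) {
                    [pscustomobject]@{
                        Store      = "$location\Root"
                        Subject    = $cert.Subject
                        Issuer     = $cert.Issuer
                        Thumbprint = $cert.Thumbprint
                        NotAfter   = $cert.NotAfter
                    }
                }
            }
        }
        finally {
            $store.Close()
        }
    }
}

$hits = @(Find-TrustedRootByName)
if ($hits.Count -eq 0) {
    Write-Output 'No matching certificate found in the Windows trusted-root stores.'
}
else {
    # A hit means Windows still trusts certificates issued under this root,
    # even if the application itself has already been uninstalled.
    $hits | Format-List
    Write-Output "$($hits.Count) matching root certificate(s) are still trusted."
}
```

This covers only the Windows certificate store; browsers that keep their own trust store have to be checked separately.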