Superfish pre-installed on Lenovo machines .. security issue

Old Feb 19, 2015, 5:23 am
  #1  
 
Original Poster
 
Join Date: Nov 2000
Location: Upcountry Maui, HI
Posts: 13,303
Superfish pre-installed on Lenovo machines .. security issue

3rd party man-in-the-middle attacks via 3rd party adware pre-installed on Lenovo machines. They install their own root certificate, intercept all your encoded TLS/HTTPS traffic and masquerade as the other end of the connection, all while using the same encryption key given out to everybody else. Wow.

http://arstechnica.com/security/2015...onnections/#p3
LIH Prem is offline  
Old Feb 20, 2015, 2:42 am
  #2  
FlyerTalk Evangelist
 
Join Date: Feb 1999
Location: Seat 1A, Juice pretty much everywhere, Mucci des Coins Exotiques
Posts: 34,339
This has caught my attention as I just bought a new Lenovo PC for a family member. I'll set it up next week but first I need to find out how to remove Snapfish before I connect the PC to the Internet!
stimpy is offline  
Old Feb 20, 2015, 3:19 am
  #3  
 
Original Poster
 
Join Date: Nov 2000
Location: Upcountry Maui, HI
Posts: 13,303
Sorry, it's Superfish, not Snapfish.

I think you have to look for and remove the software (standard installer) and also, most importantly, remove the Superfish trusted root certificate which was preinstalled on laptops sold by Lenovo in the 4th quarter of 2014 (some of which may still be in stock).

Anyway, there's more at Ars today ... Lenovo and Superfish comments ...

http://arstechnica.com/security/2015...https-spyware/
LIH Prem is offline  
Old Feb 20, 2015, 3:25 am
  #4  
 
Original Poster
 
Join Date: Nov 2000
Location: Upcountry Maui, HI
Posts: 13,303
Removal instructions (Mashable)

http://mashable.com/2015/02/19/lenov...ish-explainer/

That article includes a list of machine/models that shipped with it.
And links to ways to check for it and detect it.

-David
LIH Prem is offline  
Old Feb 20, 2015, 3:38 am
  #5  
FlyerTalk Evangelist
 
Join Date: Feb 1999
Location: Seat 1A, Juice pretty much everywhere, Mucci des Coins Exotiques
Posts: 34,339
Thanks for the link. I bought an E50-00 tower which isn't on the list. But I will double check anyway!
stimpy is offline  
Old Feb 20, 2015, 12:50 pm
  #6  
FlyerTalk Evangelist
 
Join Date: Nov 1999
Programs: FB Silver going for Gold
Posts: 21,794
More on what Superfish-like vulnerabilities might be on your computer

http://www.forbes.com/sites/thomasbr...uperfish-ddos/
YVR Cockroach is offline  
Old Feb 20, 2015, 9:11 pm
  #7  
 
Join Date: Nov 2009
Location: HNL & SFO
Programs: UA MM/Gold
Posts: 292
This is definitely disturbing, given that our company has standardized on Lenovo laptops, and just about everyone here uses one.
kyee is offline  
Old Feb 20, 2015, 11:17 pm
  #8  
 
Join Date: Nov 2003
Location: San Jose, CA
Posts: 460
Got an email from Lenovo about this and assuring me that ThinkPads never had it installed!
unmesh is offline  
Old Feb 21, 2015, 8:06 am
  #9  
FlyerTalk Evangelist
 
Join Date: Nov 2002
Location: ORD
Posts: 14,229
Check for the Superfish root CA and for the program in the control panel.
gfunkdave is offline  
Old Feb 21, 2015, 6:26 pm
  #10  
 
Original Poster
 
Join Date: Nov 2000
Location: Upcountry Maui, HI
Posts: 13,303
Originally Posted by gfunkdave
Check for the Superfish root CA and for the program in the control panel.
Some third-party programs have their own root certificate stores, Firefox and Thunderbird for example. You need to check those too.

-David
LIH Prem is offline  
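
The check described in the two posts above, as an added PowerShell example that is not part of the original thread: it searches the Windows root stores and the separate Firefox/Thunderbird certificate databases. The match on the name "Superfish" and the default profile paths are assumptions; the thread gives no certificate thumbprint.

```powershell
# Added example (not from the thread). Assumption: the unwanted root's subject
# or issuer contains the string "Superfish"; no thumbprint is given on this page.
$Pattern = 'Superfish'

function Find-WindowsRootCert {
    param([string]$Pattern)
    # Windows trust stores, used by IE, Chrome and most other Windows software.
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root',
              'Cert:\LocalMachine\AuthRoot', 'Cert:\CurrentUser\AuthRoot'
    foreach ($store in $stores) {
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Where-Object { $_.Subject -match $Pattern -or $_.Issuer -match $Pattern } |
            ForEach-Object {
                [pscustomobject]@{ Store = $store; Subject = $_.Subject
                                   Thumbprint = $_.Thumbprint; NotAfter = $_.NotAfter }
            }
    }
}

function Find-NssProfileHit {
    param([string]$Pattern)
    # Firefox and Thunderbird keep a per-profile certificate database
    # (cert8.db in older releases, cert9.db in newer ones). Default paths assumed.
    $roots = "$env:APPDATA\Mozilla\Firefox\Profiles", "$env:APPDATA\Thunderbird\Profiles"
    foreach ($root in ($roots | Where-Object { Test-Path $_ })) {
        Get-ChildItem -Path $root -Recurse -Include cert8.db, cert9.db -ErrorAction SilentlyContinue |
            ForEach-Object {
                $db = $_.FullName
                try {
                    # Heuristic: a certificate's name is stored as plain ASCII in the file.
                    $text = [Text.Encoding]::ASCII.GetString([IO.File]::ReadAllBytes($db))
                    [pscustomobject]@{ Database = $db; NameFound = ($text -match $Pattern) }
                } catch {
                    # The file is usually locked while the application is running.
                    [pscustomobject]@{ Database = $db; NameFound = 'unreadable, close the application and retry' }
                }
            }
    }
}

Find-WindowsRootCert -Pattern $Pattern | Format-List
Find-NssProfileHit   -Pattern $Pattern | Format-Table -AutoSize
```

The profile scan is a raw byte search, so treat a hit as a reason to open that application's own certificate manager and a miss as inconclusive.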
Old Feb 21, 2015, 7:17 pm
  #11  
 
Join Date: Apr 2001
Location: Indianapolis, IN USA
Posts: 2,065
Bought a laptop for a family member and need to verify model number - what were they thinking?!
bowdenj is offline  
Old Feb 21, 2015, 8:00 pm
  #12  
 
Join Date: Sep 2004
Location: SYD
Programs: UA Premier Gold (*G), IHG Platinum & Hyatt Discoverist
Posts: 1,456
Originally Posted by unmesh
Got an email from Lenovo about this and assuring me that ThinkPads never had it installed!
Disturbing. Used to be a big advocate of ThinkPads before switching over to rMBP for the Retina screen.
Coathanger is offline  
Old Feb 22, 2015, 4:32 am
  #13  
FlyerTalk Evangelist
 
Join Date: Feb 1999
Location: Seat 1A, Juice pretty much everywhere, Mucci des Coins Exotiques
Posts: 34,339
Here's a test to see if you have Superfish installed...

https://filippo.io/Badfish/
stimpy is offline  
Old Feb 22, 2015, 5:03 am
  #14  
 
Join Date: Sep 2013
Location: Spain
Posts: 169
Originally Posted by stimpy
Here's a test to see if you have Superfish installed...

https://filippo.io/Badfish/
If only one browser out of three comes up as vulnerable, and that's one that you barely use, do you still need to take quick action? Asking as someone without much technical experience.
JR14 is offline  
Old Feb 22, 2015, 6:33 am
  #15  
FlyerTalk Evangelist
 
Join Date: Feb 1999
Location: Seat 1A, Juice pretty much everywhere, Mucci des Coins Exotiques
Posts: 34,339
Originally Posted by JR14
If only one browser out of three comes up as vulnerable, and that's one that you barely use, do you still need to take quick action? Asking as someone without much technical experience.
From what I've read, it's not that you would use Superfish, but that other programs could use it. So yes, if it shows up on any browser you should take immediate action such as the removal instructions above.
stimpy is offline  

