Lenovo reels in Superfish over security issues

Lenovo announced that it has stopped pre-loading on its computer products a third-party advertising software known as Superfish following the discovery of a flaw that provide a way for hackers to snatch users’ encrypted data and online passwords.

An advisory issued by the Chinese computer company said that Superfish was included in some of its notebooks shipped between September 2014 and February 2015. The world’s largest seller of PCs said it thought Superfish would be a help for its customers and had no idea it would be a security threat. Superfish intercepts HTTPS traffic using a self-signed root certificate.

The software was meant “to assist customers with discovering products similar to what they are viewing,” the advisory said. “However, user feedback was not positive and we responded quickly and decisively.”

“Vulnerabilities have been identified with the software, which include installation of a self-signed root certificate in the local trusted CA store. The application can be uninstalled, however, the current uninstaller does not remove the Superfish certificate,” Lenovo said.

 Lenovo superfish malware

Lenovo also provided instruction how to uninstall the Superfish application. (Click on the image above to access Superfish unistall instructions)

The company said it has actually disabled server side Superfish interactions with Lenovo products since January and stopped preloading the software on its products since January.

The following Lenovo products may be affected:

E-Series:

E10-30

Flex-Series:

Flex2 14, Flex2 15

Flex2 14D, Flex2 15D

Flex2 14 (BTM), Flex2 15 (BTM)

Flex 10

G-Series:

G410

G510

G40-70, G40-30, G40-45

G50-70, G50-30, G50-45

M-Series:

Miix2 – 8

Miix2 – 10

Miix2 – 11

S-Series:

S310

S410

S415; S415 Touch

S20-30, S20-30 Touch

S40-70

U-Series:

U330P

U430P

U330Touch

U430Touch

U540Touch

Y-Series:

Y430P

Y40-70

Y50-70

Yoga-Series:

Yoga2-11BTM

Yoga2-11HSW

Yoga2-13

Yoga2Pro-13

Z-Series:

Z40-70

Z40-75

Z50-70

Z50-75

To find out how to uninstall Superfish, click here.

 

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Nestor E. Arellano
Nestor E. Arellano
Toronto-based journalist specializing in technology and business news. Blogs and tweets on the latest tech trends and gadgets.

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now