Lenovo announced that it has stopped pre-loading on its computer products a third-party advertising software known as Superfish following the discovery of a flaw that provide a way for hackers to snatch users’ encrypted data and online passwords.
An advisory issued by the Chinese computer company said that Superfish was included in some of its notebooks shipped between September 2014 and February 2015. The world’s largest seller of PCs said it thought Superfish would be a help for its customers and had no idea it would be a security threat. Superfish intercepts HTTPS traffic using a self-signed root certificate.
The software was meant “to assist customers with discovering products similar to what they are viewing,” the advisory said. “However, user feedback was not positive and we responded quickly and decisively.”
“Vulnerabilities have been identified with the software, which include installation of a self-signed root certificate in the local trusted CA store. The application can be uninstalled, however, the current uninstaller does not remove the Superfish certificate,” Lenovo said.
Lenovo also provided instruction how to uninstall the Superfish application. (Click on the image above to access Superfish unistall instructions)
The company said it has actually disabled server side Superfish interactions with Lenovo products since January and stopped preloading the software on its products since January.
The following Lenovo products may be affected:
E-Series:
E10-30
Flex-Series:
Flex2 14, Flex2 15
Flex2 14D, Flex2 15D
Flex2 14 (BTM), Flex2 15 (BTM)
Flex 10
G-Series:
G410
G510
G40-70, G40-30, G40-45
G50-70, G50-30, G50-45
M-Series:
Miix2 – 8
Miix2 – 10
Miix2 – 11
S-Series:
S310
S410
S415; S415 Touch
S20-30, S20-30 Touch
S40-70
U-Series:
U330P
U430P
U330Touch
U430Touch
U540Touch
Y-Series:
Y430P
Y40-70
Y50-70
Yoga-Series:
Yoga2-11BTM
Yoga2-11HSW
Yoga2-13
Yoga2Pro-13
Z-Series:
Z40-70
Z40-75
Z50-70
Z50-75
To find out how to uninstall Superfish, click here.
