Site icon IT World Canada

Lenovo reels in Superfish over security issues

Lenovo superfish malware rootkit

Lenovo announced that it has stopped pre-loading on its computer products a third-party advertising software known as Superfish following the discovery of a flaw that provide a way for hackers to snatch users’ encrypted data and online passwords.

An advisory issued by the Chinese computer company said that Superfish was included in some of its notebooks shipped between September 2014 and February 2015. The world’s largest seller of PCs said it thought Superfish would be a help for its customers and had no idea it would be a security threat. Superfish intercepts HTTPS traffic using a self-signed root certificate.

The software was meant “to assist customers with discovering products similar to what they are viewing,” the advisory said. “However, user feedback was not positive and we responded quickly and decisively.”

“Vulnerabilities have been identified with the software, which include installation of a self-signed root certificate in the local trusted CA store. The application can be uninstalled, however, the current uninstaller does not remove the Superfish certificate,” Lenovo said.

Lenovo also provided instruction how to uninstall the Superfish application. (Click on the image above to access Superfish unistall instructions)

The company said it has actually disabled server side Superfish interactions with Lenovo products since January and stopped preloading the software on its products since January.

The following Lenovo products may be affected:

E-Series:

E10-30

Flex-Series:

Flex2 14, Flex2 15

Flex2 14D, Flex2 15D

Flex2 14 (BTM), Flex2 15 (BTM)

Flex 10

G-Series:

G410

G510

G40-70, G40-30, G40-45

G50-70, G50-30, G50-45

M-Series:

Miix2 – 8

Miix2 – 10

Miix2 – 11

S-Series:

S310

S410

S415; S415 Touch

S20-30, S20-30 Touch

S40-70

U-Series:

U330P

U430P

U330Touch

U430Touch

U540Touch

Y-Series:

Y430P

Y40-70

Y50-70

Yoga-Series:

Yoga2-11BTM

Yoga2-11HSW

Yoga2-13

Yoga2Pro-13

Z-Series:

Z40-70

Z40-75

Z50-70

Z50-75

To find out how to uninstall Superfish, click here.

 

Exit mobile version