Thoughts, information and reflections about technology

Lenovo PCs were bundled with Superfish that bypasses your https security (in 2015).

(Updated 2015) I’m not sure if this is still an issue with Lenovo. However, users need to beware of spyware bundled with their phones, computers or applications. Running a reputable anti spyware app can help

Lenovo has been bundling it’s PCs with Superfish.  The company claims that there are no issues with this software.

The problem is that Superfish is designed to bypass the security and encryption you get when you visit a site using https.  Superfish can then see passwords, bank account details and other personal information.

Lenovo has disabled the software for new shipments. If you have a machine with Superfish installed, you can remove it through the Windows uninstall. However, the digital certificate remains which also needs to be removed as this can be used by other applications to bypass security.

You definitely should remove Superfish as it could allow an attacker to install software on your machine.

One really creepy aspect of the software is

“They have a slick interface that allows for object-based searching based on photographs,””

The potential here is that if you have pictures of you on a personal watercraft on your PC or Facebook account, Superfish can detect the PWC and then start sending you ads about Personal Watercraft related items. I’m not sure about you, but that is a bit creepy to me.   I did have a thought though.. If I took pictures of cow droppings, I’d probably get a lot of political ads. 

For more details, see the technewsworld article.

Superfish worked by installing some ‘bad’ SSL certificates. You can check your machine for risks with the Badssl dashboard. If it finds a risk, you should follow up to determine if you can remove it. 


Similar Posts:

Leave a Reply

Your email address will not be published. Required fields are marked *

Contact me
Recent Comments