Technology Blog »

Superfish Vulnerability

Lenovo
February 23, 2015

As media coverage starts to increase on the latest discovery by security experts we  would like to offer you some insight on Superfish and recommend ways to keep yourself protected.

What is Superfish and How can it get in your computer?

Superfish is basically your run-of-the-mill Adware software, but with some big security holes.  As stated in the Official Vulnerability Release, during September of 2014 and February of 2015 Lenovo pre-installed a piece of software along with a certificate on some of their retail computer models. At its core, Superfish is meant to place advertisements in your web browser. The problem is that the software also intercepts encrypted traffic, which opens up your computer to man-in-the-middle attacks (which work similar to the Heartbleed security bug from last year).

A vulnerability such as "Superfish" is considered a "High Threat" by the cybersecurity community due to its nature. Since the "Private Key" of the certificate (a security measure used by certificates) is hidden within the software, malicous hacker on the internet can recreate the certificate and use it to intercept your otherwise secure connections. In fact, within a few hours of the publishing of the vulnerability a copy of the certificate and its private key was posted all over the internet.

Is My Computer Affected ?

If you purchased your Lenovo computer from Delaney Computer Services the good news is your are not affected. As stated by Lenovo, this software was included on a limited retail models of computers. These models are mostly found on major retail stores such as Best Buy and Wallmart. As part of our commitment to always provide the best solutions for our customers, we offer Lenovo Business Level computers only. This includes the all Lenovo Computer series  made for and widely used by corporate America.

If you own a Lenovo Computer and are unsure of its presence please refer to the Lenovo Official Statement to see if your computer model is affected.

How Do I Protect Myself?

If you are unsure of your Lenovo computer provenience you can find instructions on how to remove the software and the vulnerable certificate using the instructions provided by Lenovo here.