Lenovo, the largest maker computers in the world, confirmed that installed a program to provide notices advertising to its users, later identified as risky by many security experts.
The statement came after a day where the firm was under the reviews various specialists who analyzed the call Superfish, installed on various notebooks from Lenovo and exposes the user to be spied while browsing.
Superfish was installed between September and December unspecified amount of notebooks. (See below models)
Lenovo said to have found no evidence that the program analyze the movements or store user information. But nevertheless decided to stop installing Sueprfish.
Robert Graham, CEO of security firm Erradata said Superfish is malicious software that records encrypted connections, leaving open the door for hackers channel an attack in this way.
Graham said Lenovo was negligent and that computers can remain engaged even though the software is uninstalled.
Eric Rand, an analyst at Brown Hat Security said Superfish is the equivalent of a wiretap because it is able to intercept encrypted communications during navigation.
Ken White, identified as a computer security specialist, showed on Twitter how Superfish is capable of intercept secure communication with the site of Bank of America to be able to handle security protocols:
Lenovo did not specify which countries or many machines are compromised, but gave a list of models where was installed Superfish:
– Serie G : G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50- 45
– Serie U : U330P, U430P, U330Touch, U430Touch, U530Touch
– Series Y : Y430P, Y40- 70, Y50-70
– Serie Z : Z40-75, Z50-75, Z40-70, Z50-70
– Serie S : S310, S410, S40-70, S415, S415Touch, S20-30, S20-30Touch
– Serie Flex : Flex2 14D, 15D Flex2, Flex2 14 Flex2 15, Flex2 14 (BTM), Flex2 15 (BTM), Flex 10
– Serie MIix : MIIX2-8, MIIX2-10, MIIX2-11
– Serie Yoga : YOGA2Pro-13, YOGA2-13, YOGA2-11BTM, YOGA2-11HSW
If your computer is on that list, click here to analyze if you are at risk and remove Superfish.
No comments:
Post a Comment