
US urges removing Superfish module from Lenovo laptops


BOSTON (Reuters) – The U.S. government on Friday advised Lenovo Group Ltd customers to remove “Superfish,” a module pre-installed on some Lenovo laptops, saying it makes users vulnerable to cyberattacks.

The Department of Homeland Security said in an alert that the module makes users vulnerable to a type of cyberattack known as SSL spoofing, in which remote attackers can read encrypted web traffic, redirect traffic from official websites to spoofs, and perform other attacks.

“Systems that came with the program already installed will continue to be vulnerable until corrective actions have been taken,” the agency said.

Adi Pinhas, chief executive of Palo Alto, California-based Superfish, said in a statement that his company’s program helps users get more relevant search results based on images of products viewed. He said the vulnerability was “inadvertently” introduced by Israel-based Komodia, which built the application described in the government notice.

Komodia CEO Barak Weichselbaum declined comment on the vulnerability.

Komodia’s website says it produces a “hijacker” that allows users to view data encrypted with SSL technology.

“The hijacker uses Komodia’s redirector platform to allow you easy access to the data and the ability to modify, redirect, block, and record the data without triggering the target browser’s certification warning,” according to the site.

Marc Rogers, a researcher with CloudFlare, said that means companies that deploy Komodia technology can snoop on web traffic.

“These guys can do everything from just collecting a little bit of marketing information, all the way to building a profile on you and spying on your banking connections,” he said. “It’s a really dangerous slope.”

Rogers said that use of Komodia’s technology in other products makes them vulnerable to the same types of attacks as Lenovo’s Superfish.

He said other vulnerable products include two parental filters: one from Komodia known as KeepMyFamilySecure and another from Qustodio.

Komodia’s Weichselbaum said his company was investigating reports of vulnerabilities in KeepMyFamilySecure.

Qustodio Chief Executive Eduardo Cruz said his company’s Windows parental filter was vulnerable and he hoped to push out a fix within a few days.

Lenovo did not disclose how many machines were affected, but said that only machines shipped from September to December of last year had been pre-loaded with the vulnerable software.

Affected Lenovo products include laptops in the Yoga, Flex and MiiX lines as well as the E, G, U, Y and Z series, according to the company’s support website. (lnv.gy/1LiWKX2)

(Reporting by Jim Finkle; Editing by Chris Reese and David Gregorio)

Article source: http://www.reuters.com/article/2015/02/20/us-lenovo-cybersecurity-dhs-idUSKBN0LO21U20150220
