Lenovo recently admitted that it had been installing software called Superfish on customers’ laptops sold between September 2014 and January 2015, although we understand that ThinkPads were unaffected. Superfish sought to improve customers’ shopping experience by analyzing the images you see during your browsing sessions and scouring more than 70,000 stores to find similar products that might have lower prices.
You can test if you have Superfish installed by heading to this site made by security researcher Filippo Valsorda.
The problem was that this introduced a serious vulnerability: Superfish uses techniques that work like a man-in-the-middle attack to break Windows’ encrypted Web connections for the sake of advertising. To add insult to injury, security researchers who dug further into Superfish found and broke the password that allows someone to completely bypass a computer’s web encryption. The key for Superfish was the same for all users, putting thousands of computers at risk.
The sort of rubbish that this can cause is illustrated by this screenshot:
Lenovo has now released a removal tool for this, and we recommend that those affected run it as soon as possible.
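Interception of the kind described above depends on a root certificate being trusted by Windows, so a useful check before and after running the removal tool is to look for it in the trust stores. The following PowerShell is an added example, not part of the original article or Lenovo's tool; the function name `Find-TrustedRootByName` is hypothetical, and it assumes the injected certificate carries the name "Superfish" in its subject or issuer.

```powershell
# Added example: list trusted root certificates whose subject or issuer
# contains a given name, across the machine and current-user trust stores.
# Assumption: the injected root carries the vendor name in its subject/issuer.
function Find-TrustedRootByName {
    param(
        [Parameter(Mandatory)][string]$Name
    )
    $pattern = [regex]::Escape($Name)   # treat the name as literal text
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root',
              'Cert:\LocalMachine\AuthRoot', 'Cert:\CurrentUser\AuthRoot'

    foreach ($store in $stores) {
        # A store may be absent on some systems; skip it rather than fail.
        if (-not (Test-Path $store)) { continue }

        Get-ChildItem -Path $store |
            Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
            ForEach-Object {
                [pscustomobject]@{
                    Store      = $store
                    Subject    = $_.Subject
                    Thumbprint = $_.Thumbprint
                    NotAfter   = $_.NotAfter
                }
            }
    }
}

$hits = @(Find-TrustedRootByName -Name 'Superfish')
if ($hits.Count -gt 0) {
    $hits | Format-List
    Write-Warning "$($hits.Count) matching trusted root certificate(s) found."
} else {
    Write-Output 'No matching root certificate in the Windows trust stores.'
}
```

Browsers that keep their own certificate store, such as Firefox, are not covered by this check and need to be inspected separately.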
Lenovo isn’t alone in using this type of software….