Lenovo’s ‘Superfish’ Adware: What to do if You’re Affected
Recently, there’s been a lot of great news for Lenovo (including the purchase of Motorola from Google), and it seemed the company was on the right path to becoming an even more trustworthy OEM for consumers. But now the Chinese multinational stands accused of shipping Windows laptops with software that inserts ads into search results and is even capable of hijacking secure website connections. And if this sounds pretty nasty to you, well, that’s because it really is dirty business.
The adware is reportedly capable of intercepting and hijacking SSL/TLS connections to websites because it installs its own certificate authority on affected machines. Called Superfish Visual Discovery, the software installs a self-signed root CA certificate into the system’s trusted root store, which lets it act as a man-in-the-middle and view the contents of any encrypted connection.
Now, what would happen if some criminal-minded hacker could get hold of the same root certificate Superfish relies on and abuse it to intercept other people’s traffic? Nothing good, that’s for sure. And it seems the installation of Superfish on new Lenovo laptops wasn’t even done properly, as many users complained that the software interfered with other digital certificates and with smart card readers.
Infected with Superfish adware? Here’s what you can do
First of all, you need to check whether your Lenovo device is infected or not. At the time of writing this, Lenovo has issued an official statement, saying that only some consumer notebook products shipped between October and December have been affected:
Superfish was previously included on some consumer notebook products shipped in a short window between October and December to help customers potentially discover interesting products while shopping
Looking at various reports from users around the web, it seems only the Lenovo P, Y & Z series are affected, while Yoga and ThinkPad models are unaffected. [Update: Lenovo says even the E, Flex, G, M, S, U and Yoga series models are affected as well]
Go ahead and open this website (via @supersat), which runs a very simple Superfish CA test. You can also check Can I Be Super-Phished: if your browser loads that page without a certificate warning, you are vulnerable. To be clear, it is only when you DON’T get a warning that you are vulnerable.
Now, if you have been affected, first of all you need to understand that the only sure remedy is to reinstall Windows from a non-Lenovo image or move to another operating system. Uninstalling the Superfish software can reportedly leave the root certificate authority behind, but if you’re sure you want to do it, here are the steps you need to take:
- Go to Control Panel and search for “certificates”
- Open “Manage computer certificates”, expand “Trusted Root Certification Authorities” and then click “Certificates”
- In the list of certificates, look for one issued to Superfish Inc
- Delete it if it’s present
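The browser tests above and the manual removal steps can be scripted. The PowerShell below is an added example, not code from the article or from Lenovo: it searches both the machine-wide and the per-user trusted root stores for a certificate whose subject or issuer contains “Superfish” (the article only tells us the entry shows “Superfish Inc”, so the name match is an assumption), removes it after confirmation, and can open a TLS connection to a host of your choice to see whether the chain the machine receives is signed by a Superfish issuer, which is what the “Can I Be Super-Phished” style test observes from the browser side. Run it from an elevated prompt so the LocalMachine store is writable.

```powershell
# Added example (not from the article): find, remove and verify a Superfish
# root certificate on a Windows machine.
# Assumptions: the certificate's Subject/Issuer contains "Superfish"; the
# standard Cert: PSDrive is available (Windows PowerShell 3.0 or later).

# Both stores are checked because uninstalling the adware is reported to
# leave the CA behind, and it may sit in either location.
$storePaths = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

function Find-SuperfishRoot {
    [CmdletBinding()]
    param([string[]]$Paths = $storePaths)

    foreach ($path in $Paths) {
        Get-ChildItem -Path $path -ErrorAction SilentlyContinue |
            Where-Object { $_.Subject -match 'Superfish' -or $_.Issuer -match 'Superfish' } |
            ForEach-Object {
                [PSCustomObject]@{
                    Store      = $path
                    Subject    = $_.Subject
                    Thumbprint = $_.Thumbprint
                    NotAfter   = $_.NotAfter
                    PSPath     = $_.PSPath
                }
            }
    }
}

function Remove-SuperfishRoot {
    # SupportsShouldProcess gives us -WhatIf and -Confirm for free.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    $found = @(Find-SuperfishRoot)
    if ($found.Count -eq 0) {
        Write-Output 'No Superfish root certificate found in the trusted root stores.'
        return
    }
    foreach ($cert in $found) {
        if ($PSCmdlet.ShouldProcess("$($cert.Store) $($cert.Thumbprint)", 'Remove certificate')) {
            Remove-Item -Path $cert.PSPath
            Write-Output "Removed $($cert.Thumbprint) from $($cert.Store)"
        }
    }
}

# Live check: connect to an HTTPS server and report whether any certificate
# in the chain this machine receives names a Superfish issuer. On a clean
# machine the chain ends at the site's real CA; on an intercepted one it
# ends at the locally installed Superfish root.
function Test-SuperfishInterception {
    param([string]$HostName = 'www.example.com', [int]$Port = 443)

    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept any certificate here: we only want to read the chain, not validate it.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $remote = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $chain  = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        [void]$chain.Build($remote)
        $issuers = @($chain.ChainElements | ForEach-Object { $_.Certificate.Issuer })
        [PSCustomObject]@{
            Host        = $HostName
            Intercepted = [bool]($issuers -match 'Superfish')
            Chain       = $issuers
        }
    } finally {
        $client.Close()
    }
}

# Usage:
#   Find-SuperfishRoot | Format-Table Store, Subject, Thumbprint
#   Remove-SuperfishRoot -WhatIf        # preview; drop -WhatIf to delete
#   Test-SuperfishInterception -HostName 'www.example.com'
```

The live check is the more telling of the two: a certificate entry alone only shows that the root is trusted, while a chain that terminates at a Superfish issuer shows that something on the machine is actually re-signing your HTTPS traffic right now.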
However, Lenovo has taken some steps to address this, though it may be a little too late. Here’s what you need to know:
- Superfish has completely disabled server-side interactions since January on all Lenovo products, thus disabling Superfish for all products in the market
- Lenovo stopped preloading the software in January
- The company will not preload this software in the future
But this doesn’t answer whether a hacker can misuse the fake certificates that are already installed. Hence, follow the steps above to stay safe. This should be a good lesson to all electronics makers out there. They should really respect a simple rule of business – when somebody buys your product, it belongs to them, and you shouldn’t ‘dare’ to infiltrate it with all sorts of dubious cash-making tools.