Lenovo opened its own can of worms by admitting to installing Superfish on its laptops sold between September 2014 and January 2015. Superfish is adware that inserted ads on websites viewed on Lenovo laptops; it also exposed Lenovo customers to huge security flaws. According to Lenovo, Superfish was created to help customers find cheaper products when shopping online.
Initially, Superfish was just an annoying feature of some Lenovo laptops. However, it was soon discovered that if anyone who had a password for a certain security certificate that handled internet traffic could use the certificate to target Lenovo computers and install malware. Superfish became an even bigger problem when the password for the security certificate was stored in the Superfish active memory. Lenovo released an updated official statement on Superfish:
“We ordered Superfish preloads to stop and had server connections shut down in January based on user complaints about the experience. However, we did not know about this potential security vulnerability until yesterday. Now we are focused on fixing it.
Since that time we have moved as swiftly and decisively as we can based on what we now know. While this issue in no way impacts our ThinkPads; any tablets, desktops or smartphones; or any enterprise server or storage device, we recognize that all Lenovo customers need to be informed. We apologize for causing these concerns among our users for any reason – and we are learning from experience and improve what we do and how we do it. We will continue to take steps to make removal of the software and underlying vulnerable certificates in question easy for customers so they can continue to use our products with the confidence that they expect and deserve. We are working with McAfee and Microsoft to have the Superfish software and certificate quarantined or removed using their industry-leading tools and technologies. This action has already started and will automatically fix the vulnerability even for users who are not currently aware of the problem.”
Check out the full official Lenovo Superfish statement in the link below for more information. The Superfish removal tool removes the Superfish application and removes the security certificate from all browsers. Don’t forget to download the Superfish removal tool in the link below if you think your computer might be infected.
