Chinese tech manufacturer Lenovo were rumbled recently for pre-installing potentially dangerous software onto their consumer laptops. After a tidal wave of criticism from customers, experts and the media, Lenovo have now responded by releasing a patch to remove the nosy adware.
Known as ‘Superfish’, the rather devious software adopts a trick commonly used in consumer devices since the 1990s. Superfish, named after the company that created it, offers additional content with the intention of improving your shopping experience. By altering your search results, Superfish can add depth to your browsing, such as showing price comparisons for a product when you hover the cursor over it. To do this, it tracks and learns from how you surf the web, a tactic widely used in today’s online advertising.
The appearance of this third-party programme was intended to enhance the user’s online shopping experience. In fact, Lenovo, in a statement released on Thursday, said as much.
“In our effort to enhance our user experience, we pre-installed a piece of third-party software, Superfish (based in Palo Alto, CA), on some of our consumer notebooks. The goal was to improve the shopping experience using their visual discovery techniques.”
Initially, the intrusive nature of the Superfish software, complete with its annoying pop-up ads, received a raft of complaints from customers. It was only when an alarming security risk was unearthed that the Superfish debacle was elevated to a level where even the US government felt they needed to intervene.
Aside from the invasive advertising features, Superfish also offers an external hacker with malicious intentions something of an open goal. Any attacker exploiting this loophole could view what would otherwise be your encrypted web history. Using its own self-signed root certificate authority, Superfish could intercept ‘secure’ communications as a trusted party. Given its potential to acquire confidential data such as bank transactions, passwords and emails, Lenovo raised Superfish’s software threat to ‘high’.
Ever since the discovery, various interested parties have been falling over themselves to release ways of removing the dangerous software. As mentioned above, the US government have had their say, which included a set of instructions for removing the exposed adware. Similarly, password encryption service LastPass released an online tool for recognising whether your Lenovo laptop is at risk of the Superfish breach.
Patch Available Now
Thankfully, Lenovo themselves have now moved to reassure their customers. After working closely with Microsoft (who develop the Windows operating system installed on Lenovo laptops) and security experts McAfee, a fix has now been officially released by Lenovo.
It’s rather unclear exactly how many systems have been affected by the threat. Superfish did look to quell any large-scale panic by assuring consumers their relationship with Lenovo was ‘limited in scale’. Still, as Lenovo is one of the world’s leading laptop manufacturers (shipments hit 16 million in Q4 2014), a number of customers are thought to be involved.
Lenovo have released a list of all the affected models, which include popular ranges such as their laptop/tablet hybrid ‘Yoga-Series’. If you own one of the affected devices listed by Lenovo, use one of the solutions listed above to protect yourself and your sensitive data.