Lenovo Admits It Should Have Known About Superfish’s Flaws

Chinese company Lenovo has loaded adware on many of its machines, and it has now been revealed that it could leave users vulnerable to hacks.


Ads, we realise, can be annoying. Since they are a form of revenue, it’s important for Internet users that they aren’t intrusive or annoying and that they don’t scream audio in the next browser tab whilst you’re trying to browse the web. We can’t avoid them entirely, so most of us just get on with it. Unfortunately, that’s not the case for those who use Lenovo computers, as those users are now at risk thanks to the Chinese company’s ad policies.

To explain, Lenovo preloads adware onto its devices. Adware is software that automatically displays or downloads ads onto your computer; while it’s generally annoying, it’s not usually harmful. Lenovo’s adware (called Superfish) is a problem because it does the following:

“[Superfish] installs a self-generated root certificate into the Windows certificate store and then resigns all SSL certificates presented by HTTPS sites with its own certificate.”

According to PC World, that leaves “a weakness that hackers could potentially use to steal sensitive data like banking credentials or just observe your web surfing activities.” Keep in mind that Lenovo is the biggest manufacturer of computers in the world and so millions of people across the globe are now vulnerable.


How could Lenovo have possibly missed this? That’s a very good question and Lenovo CEO Peter Hortensius said this week that “We should have known that going in that that was the case. We just flat-out missed it on this one, and did not appreciate the problem it was going to create… we are taking our beating like we deserve on this issue.”

His explanation doesn’t really answer the question. It seems mind-boggling that a company with as many smart minds as Lenovo didn’t realise that a piece of software designed to disrupt SSL certificates (SSL certificates are what make sure that the data passed between your browser and the server stays private) could be used to intercept and steal user data.

The hopeful part is that Lenovo has promised not to install Superfish onto any more of its devices. PC World also has a guide you can use to find out if your PC is affected and how you can uninstall the software.
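
Because the adware works by placing its own root certificate in the Windows certificate store, as the quote above describes, the store can be checked directly. The script below is an added example, not taken from this article or from PC World's guide; it assumes the certificate carries "Superfish" in its subject or issuer name, and it goes one step further by also flagging any trusted root whose private key is present on the machine.

```powershell
# Added example: audit the Windows trusted-root stores for an interception root.
# Assumption: the Superfish root has "Superfish" in its subject or issuer name.
$NamePattern = 'Superfish'
$RootStores  = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

function Get-SuspectRoot {
    param([string[]]$Store = $RootStores, [string]$Pattern = $NamePattern)

    foreach ($path in $Store) {
        foreach ($cert in Get-ChildItem -Path $path) {
            $reasons = @()
            # Direct hit: a root certificate matched by name.
            if ($cert.Subject -match $Pattern -or $cert.Issuer -match $Pattern) {
                $reasons += 'name matches pattern'
            }
            # General heuristic: a trusted root whose private key is present on
            # this machine can sign certificates locally, which is what a
            # re-signing proxy needs. Public CAs never ship their private keys.
            if ($cert.HasPrivateKey) {
                $reasons += 'private key present on this machine'
            }
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Store      = $path
                    Subject    = $cert.Subject
                    Thumbprint = $cert.Thumbprint
                    NotAfter   = $cert.NotAfter
                    Reasons    = $reasons -join '; '
                }
            }
        }
    }
}

$found = @(Get-SuspectRoot)
if ($found.Count -eq 0) {
    Write-Output 'No matching root certificates in the machine or user root stores.'
} else {
    $found | Format-List
}
```

A hit on the private-key check alone is a lead rather than a verdict, since corporate inspection proxies and developer tools also install roots of this kind.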

Source: Re/code
