Boston: The US government on Friday advised Lenovo Group Ltd customers to remove “Superfish,” a program pre-installed on some Lenovo laptops, saying it leaves users vulnerable to cyberattacks.
Homeland security officials said in an alert that the program makes users vulnerable to a type of cyberattack known as SSL spoofing, in which remote attackers can read encrypted web traffic, redirect traffic from official websites to spoofs, and perform other attacks.
Adi Pinhas, chief executive of Palo Alto, California-based Superfish, said his company’s software helps users get more relevant search results based on images of products they have viewed. He said the vulnerability was “inadvertently” introduced by Komodia, whose technology the software uses. Komodia CEO Barak Weichselbaum declined to comment on the vulnerability.
Lenovo apologized late on Friday in a statement for “causing these concerns among our users” and said that it was “exploring every action we can” to address the issues around Superfish, including offering tools to remove the software and certificate.
“We ordered Superfish pre-loads to stop and had server connections shut down in January based on user complaints about the experience. However, we did not know about this potential security vulnerability until yesterday,” the Lenovo statement said.
“We recognize that this was our miss, and we will do better in the future. Now we are focused on fixing it,” the company said. Komodia’s website says it produces a “hijacker” that allows users to view data encrypted with SSL technology.
“The hijacker uses Komodia’s redirector platform to allow you easy access to the data and the ability to modify, redirect, block, and record the data without triggering the target browser’s certification warning,” according to the site. Marc Rogers, a researcher with CloudFlare, said that means companies which deploy Komodia technology can snoop on web traffic.
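Suppressing the browser’s certificate warning, as Komodia’s site describes, requires a certificate the machine already trusts, which is why Lenovo’s remediation covers both the software and the certificate. The following PowerShell check is an added example, not Lenovo’s or Superfish’s removal tooling: it searches the Windows trusted-root stores and the installed-programs registry keys for entries naming Superfish. The name pattern `*Superfish*` is an assumption about how the certificate and program are labelled, not something stated in the article.

```powershell
# Added example: detect (and optionally remove) a Superfish root certificate
# and the accompanying program on a Windows machine.
# Assumption: the certificate subject and the program's display name both
# contain the word "Superfish". Adjust $Pattern if they differ.
$Pattern = '*Superfish*'

# 1. Trusted-root certificate stores, per machine and per user.
$Stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

$FoundCerts = foreach ($Store in $Stores) {
    Get-ChildItem -Path $Store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -like $Pattern -or $_.Issuer -like $Pattern } |
        Select-Object @{Name = 'Store'; Expression = { $Store }},
                      Subject, Thumbprint, NotAfter
}

if ($FoundCerts) {
    Write-Warning "Trusted-root certificate(s) matching $Pattern found:"
    $FoundCerts | Format-Table -AutoSize

    # Removal, once the listing has been reviewed. LocalMachine\Root requires
    # an elevated shell. Left commented out so the script is read-only by default.
    # $FoundCerts | ForEach-Object {
    #     Remove-Item -Path (Join-Path $_.Store $_.Thumbprint) -Verbose
    # }
} else {
    Write-Output "No trusted-root certificate matching $Pattern found."
}

# 2. Installed programs, from the per-machine Uninstall keys (32- and 64-bit views).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$FoundPrograms = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $Pattern -or $_.Publisher -like $Pattern } |
    Select-Object DisplayName, Publisher, DisplayVersion, UninstallString

if ($FoundPrograms) {
    Write-Warning "Installed program(s) matching $Pattern found:"
    $FoundPrograms | Format-Table -AutoSize
} else {
    Write-Output "No installed program matching $Pattern found."
}
```

Run the script from an elevated PowerShell session so that the LocalMachine store and both Uninstall hives are readable; the removal block stays commented out so that a first pass only reports. A certificate hit in a Root store with no matching installed program is still worth removing, since uninstalling the software alone need not clean up the trust store.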
He said other vulnerable products include two parental filters: One from Komodia known as KeepMyFamilySecure and another from Qustodio. Komodia’s Weichselbaum said his company was investigating reports of vulnerabilities in Keep My Family Secure.
Qustodio Chief Executive Eduardo Cruz said his company’s Windows parental filter was vulnerable and that he hoped to push out a fix within a few days. Lenovo did not disclose how many machines were affected, but said that only machines shipped from September to December of last year had been pre-loaded with the vulnerable software.
Affected Lenovo products include laptops in its Yoga, Flex and MiiX lines as well as its E, G, U, Y and Z series, according to the company’s support website.