24 Feb

“Superfish” Security Vulnerability on some Lenovo Laptops

Have you recently bought a non-ThinkPad branded Lenovo laptop? If so, your passwords and banking information could be vulnerable to hackers!

It recently came to light that a piece of software called Superfish was pre-installed on some recently released Lenovo laptops, and that Superfish circumvents SSL, which many sites – including major banking and social media websites – use to secure the exchange of sensitive data such as login information and passwords. Hackers and third parties could exploit this circumvention to silently intercept that information. Many people are referring to Superfish as “adware” because of the exploitative behaviour it exhibits.

This is a large breach of trust for Lenovo and for computing in general, so if consumer privacy is a topic that concerns you, then this is a story to keep an eye on. Yesterday, a lawsuit was filed against Lenovo over this, and there will certainly be more fallout before everything is said and done.

You can check if a certain model is affected in the official statement Lenovo released: http://news.lenovo.com/article_display.cfm?article_id=1929

You can also check if your computer is affected using this website, built by security experts at CloudFlare: https://filippo.io/Badfish/

If you’d like to learn a bit more about Superfish, CBC has an article that gives a broad overview of the situation:  http://www.cbc.ca/news/technology/superfish-adware-frenzy-over-lenovo-betrayal-of-trust-1.2968640

You can also download the tool to remove Superfish from this additional statement released by Lenovo: http://news.lenovo.com/article_display.cfm?article_id=1931

Finally, here’s an open letter from Lenovo CTO Peter Hortensius: http://news.lenovo.com/article_display.cfm?article_id=1932