BANGALORE, INDIA: Lenovo's Superfish has been creating a buzz since last week for all the wrong reasons, and the company has now accepted that the fault was on its part.
Superfish, a complex piece of adware on Lenovo laptops, has been creating havoc in the cyber security landscape. After initially not accepting that Superfish was an IT security concern when questioned by the Electronic Frontier Foundation (EFF), Lenovo has now admitted that the adware installed itself via a man-in-the-middle (MITM) proxy service and hijacked SSL/TLS connections. eScan assures a completely secured computing environment to Lenovo laptop users.
Superfish, which belongs to the adware family of programs, was pre-installed on Lenovo laptops. Adware as such is highly intrusive; however, the manner in which Superfish has been injecting its own advertisements into highly secured data streams leaves a huge question unanswered, namely the right to privacy. Apart from being adware, Superfish had certain vulnerabilities that made these laptop users vulnerable to man-in-the-middle attacks.
Researchers have dug out the password used to encrypt the security certificates used by Superfish, which theoretically would assist in unlocking the certificate authority and bypassing the computer's web encryption.
Armed with the right skill set and tools, a skilled hacker on the same Wi-Fi network as a Superfish-laced Lenovo laptop can potentially insert malware and spy on these unsuspecting users. Effectively, this bug nullifies whatever form of security secure websites provide. The affected websites can range from web-based mail services, like gmail.com and outlook.com, to shopping and banking websites.
According to a recent statement from Lenovo, the company has released a downloadable tool to help users remove Superfish.