Lenovo laptops vulnerable to hacking !!
The world’s largest PC maker, Lenovo Group Ltd has recently been in the news for pre-installing a virus-like software on laptops that makes the devices more vulnerable to hacking. A programme called Superfish, a shopping aid, was pre-installed on some Lenovo consumer laptops sold between September and January by Lenovo on consumer laptops. It was reported as software that automatically displays adverts.
CEO of a U.S.based security research firm Errata Security, Robert Graham, said that “It was a malicious software which hijacks and throws open encrypted connections making way for hackers to also commandeer these connections. This hurts Lenovo’s reputation. It demonstrates the deep flaw that the company neither knows nor cares what it bundles on their laptops.”
The company confirmed that the way Superfish operates could leave machines vulnerable to a “man-in-the-middle,” or MITM attack in which an attacker mimics both sides of a conversation to actively eavesdrop on each one. The problem stems from the fact that this software intercepts Web traffic, including secure traffic, using a self-signed security certificate that could be spoofed by attackers.
Lenovo’s official web forum announced on Jan. 23 that Superfish has been temporarily removed from consumer computers. Lenovo executives were not immediately available for comment during the Lunar New Year holiday in China.
Lenovo has posted instructions on its website for how to remove Superfish and plans to release a tool later on that will make that process easier. It is also working with antivirus companies to enable those tools to remove the code.
Microsoft has already added the ability to remove it from PCs with its Defender tool.