|
Users reported as early as last June that a
program called Superfish pre-installed by Lenovo on consumer
laptops was 'adware', or software that automatically displays
adverts.
Robert Graham, CEO of U.S.-based security research firm Errata
Security, said Superfish was malicious software that hijacks and
throws open encrypted connections, paving the way for hackers to
also commandeer these connections and eavesdrop, in what is
known as a man-in-the-middle attack.
Lenovo had installed Superfish on consumer computers running
Microsoft Corp's Windows, he added. "This hurts (Lenovo's)
reputation," Graham told Reuters. "It demonstrates the deep flaw
that the company neither knows nor cares what it bundles on
their laptops."
An administrator on Lenovo's official web forum said on Jan. 23
that Superfish has been temporarily removed from consumer
computers. Lenovo executives were not immediately available for
comment during the Lunar New Year holiday in China.
Graham and other experts said Lenovo was negligent, and that
computers could still be vulnerable even after uninstalling
Superfish. The software throws open encryptions by giving itself
authority to take over connections and declare them as trusted
and secure, even when they are not.
"The way the Superfish functionality appears to work means that
they must be intercepting traffic in order to insert the ads,"
said Eric Rand, a researcher at Brown Hat Security. "This
amounts to a wiretap."
Concerns about cybersecurity have dogged Chinese firms,
including telecoms equipment maker Huawei Technologies Ltd over
ties to China's government and smartphone maker Xiaomi Inc over
data privacy.
Lenovo commanded one-fifth of the global PC market in the third
quarter of 2014, according to data research firm IDC.
(Editing by Miral Fahmy)
[© 2015 Thomson Reuters. All rights
reserved.] Copyright 2015 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
 |
|
