PC manufacturer Lenovo has been shipping PCs with an extraordinarily nasty piece of adware called Superfish.
The basic concept is bad enough: Superfish watches your Internet activity and injects advertisements into web pages. But Superfish is much worse than that, since in the process of hijacking your web sessions, it opens your PC to ‘man in the middle’ attacks.
Lenovo has been downplaying the risks involved, while analysts continue to demonstrate just how bad this situation really is.
Affected models include:
- G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45
- U Series: U330P, U430P, U330Touch, U430Touch, U530Touch
- Y Series: Y430P, Y40-70, Y50-70
- Z Series: Z40-75, Z50-75, Z40-70, Z50-70
- S Series: S310, S410, S40-70, S415, S415Touch, S20-30, S20-30Touch
- Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 14(BTM), Flex2 15(BTM), Flex 10
- MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11
- YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11BTM, YOGA2-11HSW
- E Series: E10-30
You can confirm that your computer is affected using the Superfish CA test (offline as of 2016Jan06).
Anyone who owns or uses one of these models should follow the Superfish removal instructions or ask their IT/support person to look into it.
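With the online Superfish CA test no longer available, the Windows trusted-root certificate stores can be checked locally instead. The script below is an added example, not part of the original post. It assumes the certificate can be recognised by the string "Superfish" in its Subject or Issuer field, and it does not inspect applications that keep their own certificate store.

```powershell
# Added example. Assumption: the unwanted root certificate can be recognised by
# the string "Superfish" in its Subject or Issuer field.
$pattern = 'Superfish'

# Stores whose contents Windows treats as trust anchors, per machine and per user.
# The CurrentUser view also lists machine-wide roots, so one certificate may be
# reported under more than one store.
$stores = @(
    'Cert:\LocalMachine\Root',
    'Cert:\LocalMachine\AuthRoot',
    'Cert:\CurrentUser\Root',
    'Cert:\CurrentUser\AuthRoot'
)

$hits = foreach ($store in $stores) {
    # A store may be absent on some systems; skip it quietly.
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
            }
        }
}

if ($hits) {
    Write-Warning "Found $(@($hits).Count) matching trusted root certificate(s):"
    $hits | Format-List
    exit 1   # non-zero so a management tool can flag the machine
} else {
    Write-Output "No trusted root certificate matching '$pattern' was found."
    exit 0
}
```

Running it again after following the removal instructions confirms whether the certificate is gone from these stores.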
Update 2015Feb21-1: Lenovo may be starting to recognize and admit their mistake. Meanwhile, Superfish (developers of the adware) remains defiant, and Komodia (who develop spyware that is apparently at the heart of this issue) is saying nothing at all.
Update 2015Feb21-2: Microsoft has added Superfish detection and automatic removal to Windows Defender.
Update 2015Feb21-3: Lenovo’s CTO is still in denial, saying the vulnerability is ‘theoretical’.
Update 2015Feb21-4: Ars Technica takes a closer look at the Komodia software and the risks related to the way it was used by Superfish.
Update 2015Feb21-5: Superfish (the company) has a history of annoying people with their intrusive technologies. That hasn’t stopped them from making a ton of money, however. The company’s CEO is insisting that they did nothing wrong, but doesn’t address the specific technical concerns.