SAN FRANCISCO – Removing software that comes with your brand-new Windows computer can be frustrating, but recently discovered software on new Lenovo laptops – the top-selling laptop brand in 2014 – can put your entire digital life at risk.
The preloaded software, called Superfish, alters your search results to show you different ads than you would otherwise see, CNET.Com reported. But it also tampers with your computer’s security so that attackers can snoop on your browser traffic – no matter which browser you’re using.
“Attackers are able to see all the communication that’s supposed to be confidential — banking transactions, passwords, emails, instant messages,” said Timo Hirvonen, a senior researcher at security software maker F-Secure. That kind of threat, known as a man-in-the-middle attack because the hacker can spy on the users’ Internet traffic and infiltrate their computer, poses a serious risk to consumers, he said.
Lenovo is scrambling to fix the problem. “We messed up badly,” said Peter Hortensius, Lenovo’s chief technology officer. He claims Lenovo was unaware Superfish put consumer’s Internet traffic up for grabs. “The intent was to supplement the shopping experience.”
On Friday afternoon, the PC maker said it was working with McAfee and Microsoft to have Superfish “quarantined or removed.” Lenovo released a Superfish removal tool that it promised would eliminate all traces of the software from Lenovo computers. Also on Friday, the US Department of Homeland Security warned that the Superfish software introduces a “critical vulnerability,” and it issued its own instructions for removing the spyware from Lenovo computers.
Superfish said Friday that it is working with Microsoft and Lenovo on a fix, and minimized concerns by the government and security researchers.
