Call us on 01892 882420

Lenovo Superfish – Not an oriental comic hero

If you believe you have been affected by this vulnerability please contact us.

Lenovo misstep leaves their customers vulnerable to hackers.

How do you know the website you are browsing really is the website you were aiming for?

We all rely on search engines such as Google and Bing to navigate the millions of sites on the Internet every day. However we also know enterprising individuals set up fake “spoof" sites, mimicking key websites where money or confidential information is involved, like Banks and Government gateways.

Spoof sites range from obvious to sophisticated. Some spoof sites actually act as a bridge between you and the correct site, passing through what you type and returning the results from the official site for you to view, what is known as a man-in-the-middle exploit. These are very hard to detect as the site acts the way you expect and shows you your account information as it actually is. The critical difference is the spoof site is sitting between you and your account and “eavesdropping” your account details.

To combat this problem official sites validate themselves using an SSL certificate. An SSL certificate acts like a passport, allowing browsers to verify that a website is who it says it is. Once your browser receives confirmation it is in the right place it displays a lock or a green bar against the website address in your browser.

One of our top tips to avoid unwittingly compromising your PC security is:

***Never pay for anything, download anything or give any personal information or logins & passwords on an unsecured site!***

Lenovo, however, made a mistake on their new laptops, shipped between September 14 and February 15, which circumvented SSL security in order to “tweak” the browsing experience for their customers.

The result? Customers using the laptops that Lenovo had installed Superfish on became vulnerable to spoof sites as they would accept any certificate provided by a website at face value.

Lenovo have issued guidance on how to remove the Superfish program and related files; by going public they are hoping to reach as many people as possible to make them aware of the risk.

For more information about this problem see Lenovo's Superfish support page.

Please note this only affects individuals who have purchased a Lenovo Notebook between Sep 14 and Feb 15.

<< Go back to the previous page