Skip to main content
NTv Online

Sci-Tech

Sci-Tech
  • Science
  • Technology
  • Bangla Version
  • Archive
  • Bangladesh
  • World
  • Sports
  • Entertainment
  • Business
  • Comment
  • Education
  • Life
  • Health
  • Art & Culture
  • Election
  • বাংলা
  • Bangladesh
  • World
  • Sports
  • Entertainment
  • Business
  • Comment
  • Education
  • Life
  • Health
  • Art & Culture
  • Election
  • বাংলা
  • Bangla Version
  • Archive
Follow
  • Sci-Tech
Reuters
21 February, 2015, 11:37
Update: 21 February, 2015, 11:37
More News
Intel, Qualcomm, and other chipmakers reportedly join Google in Huawei ban
Google suspends some business with Huawei after Trump blacklist
Bangabandhu Satellite’s commercial operation begins today
Facebook changes its livestreaming policy
Driverless electric truck starts deliveries on Swedish public road

US urges removing ‘Superfish’ from Lenovo laptops

Reuters
21 February, 2015, 11:37
Update: 21 February, 2015, 11:37
People stand under a sign showing the Lenovo company at a computer market in Shanghai on 21 January 2014. Photo: Reuters

Boston, US: The US government on Friday advised Lenovo Group Ltd customers to remove ‘Superfish,’ a program pre-installed on some Lenovo laptops, saying it makes users vulnerable to cyberattacks.

The Department of Homeland Security said in an alert that the program makes users vulnerable to a type of cyberattack known as SSL spoofing, in which remote attackers can read encrypted web traffic, redirect traffic from official websites to spoofs, and perform other attacks.

‘Systems that came with the software already installed will continue to be vulnerable until corrective actions have been taken,’ the agency said.

Adi Pinhas, chief executive of Palo Alto, California-based Superfish, said in a statement that his company's software helps users achieve more relevant search results based on images of products viewed. He said the vulnerability was ‘inadvertently’ introduced by Israel-based Komodia, which built the application described in the government notice.

Komodia CEO Barak Weichselbaum declined comment on the vulnerability.

Lenovo apologised late on Friday in a statement for ‘causing these concerns among our users’ and said that it was ‘exploring every action we can’ to address the issues around Superfish, including offering tools to remove the software and certificate.

‘We ordered Superfish pre-loads to stop and had server connections shut down in January based on user complaints about the experience. However, we did not know about this potential security vulnerability until yesterday (Thursday),’ the Lenovo statement said.

‘We recognize that this was our miss, and we will do better in the future. Now we are focused on fixing it,’ the company said.

Komodia's website says it produces a ‘hijacker’ that allows users to view data encrypted with SSL technology.

‘The hijacker uses Komodia’s redirector platform to allow you easy access to the data and the ability to modify, redirect, block, and record the data without triggering the target browser’s certification warning,’ according to the site.

Marc Rogers, a researcher with CloudFlare, said that means companies which deploy Komodia technology can snoop on web traffic.

‘These guys can do everything from just collect a little bit of marketing information, all the way to building a profile on you and spying on your banking connections,’ he said. ‘It's a very dangerous slope.’

Rogers said that use of Komodia's technology in other products makes them vulnerable to the same types of attacks as Lenovo's Superfish.

He said other vulnerable products include two parental filters: One from Komodia known as KeepMyFamilySecure and another from Qustodio.

Komodia's Weichselbaum said his company was investigating reports of vulnerabilities in KeepMyFamilySecure.

Qustodio CEO Eduardo Cruz Chief Executive said his company's Windows parental filter was vulnerable and he hoped to push out a fix within a few days.

Lenovo did not disclose how many machines were affected, but said that only machines shipped from September to December of last year had been pre-loaded with the vulnerable software.

Affected Lenovo products include laptops in its Yoga, Flex and MiiX lines as well as its E, G, U, Y and Z series, according to the company's support website.

Most Read
  1. ‘Block Screenshot for Calls’ feature to ensure imo privacy
  2. Winners of 2021 UiPath Automation Excellence Awards announced
  3. UiPath rated market leader in Zinnov Zones for HIA
  4. Mobile radiation exposure not harmful to health, environment: BTRC
  5. Intel, Qualcomm, and other chipmakers reportedly join Google in Huawei ban
  6. Google suspends some business with Huawei after Trump blacklist
Most Read
  1. ‘Block Screenshot for Calls’ feature to ensure imo privacy
  2. Winners of 2021 UiPath Automation Excellence Awards announced
  3. UiPath rated market leader in Zinnov Zones for HIA
  4. Mobile radiation exposure not harmful to health, environment: BTRC
  5. Intel, Qualcomm, and other chipmakers reportedly join Google in Huawei ban
  6. Google suspends some business with Huawei after Trump blacklist

Follow Us

Alhaj Mohammad Mosaddak Ali

Chairman & Managing Director

NTV Online, BSEC Building (Level-8), 102 Kazi Nazrul Islam Avenue, Karwan Bazar, Dhaka-1215 Telephone: +880255012281 up to 5, Fax: +880255012286 up to 7

Browse by Category

  • About NTV
  • NTV Programmes
  • Advertisement
  • Web Mail
  • NTV FTV
  • Satellite Downlink
  • Europe Subscription
  • USA Subscription
  • Privacy Policy
  • Terms & Conditions
  • Contact

Our Newsletter

To stay on top of the ever-changing world of business, subscribe now to our newsletters.

* We hate spam as much as you do

Alhaj Mohammad Mosaddak Ali

Chairman & Managing Director

NTV Online, BSEC Building (Level-8), 102 Kazi Nazrul Islam Avenue, Karwan Bazar, Dhaka-1215 Telephone: +880255012281 up to 5, Fax: +880255012286 up to 7

Reproduction of any content, news or article published on this website is strictly prohibited. All rights reserved