There is another article about the Lenovo/Superfish debacle on Silicon Beat that looks at what this application is supposed to do, what it is actually doing, and a bit at what it could do if it so chose. None of it sounds all that great and some of it is scary.
Superfish is supposed to allow users to take a picture, submit it to Superfish, and Superfish will search the web for a close match and return the results to you. I suppose this comes in handy if you are searching for the pair of pants you can’t find or live without. The CEO of Superfish, Adi Pinhas, denies the program is a security risk.
“Pinhas said the software installation was “to provide users with real-time price comparisons as they were shopping online.”
But in order to show these Superfish-generated ads, Lenovo has been breaking all encrypted traffic for millions of customers.
Business Insider described how this security flaw works: “Secure websites — like a bank, or a form for entering passport details — will have a security certificate, which proves to your browser that the site is who it says it is. These certificates stop rogue sites and hackers impersonating trusted websites and stealing your sensitive details. Superfish also inserts ads into these secure web pages, and it does so by installing a new certificate authority onto users’ laptops.”
Several experts have said Superfish is responsible for producing fake certificates; Superfish says Komodia is responsible. But Superfish also recognized there was a problem a while back, according to Pinhas.”
I removed this pest from my partner’s new Lenovo laptop yesterday. Use these instructions from Sophos to do likewise.