Have an older Lenovo? Beware...

Posted: Thu Feb 19, 2015 10:14 am
by Zancarius
Apparently Lenovo has been including what amounts to spyware on their laptops using certs signed by Superfish, Inc. that is capable of performing a man-in-the-middle attack on encrypted TLS traffic, meaning that in theory, they could snoop account information, credit card data, etc. Lenovo claims they've disabled this feature, but the malware (which is essentially what this is), purchased from Komodia, still persists. A certain Robert Graham went as far as to extract the private key used for communication with Superfish's upstream services.

Oh, and if you really want to be spooked, here's what Komodia says about their SSL Digestor product:

The SSL Digestor is a modified Man In The Middle attack, what it does is "talk" with the application on one side, and talking with the target server on the other, and the Redirector being the man in the middle, just as someone who gets a secret whispered in each ear, normally the browser/app would raise an alert because of the modified certificate, but the Komodia's Redirector installs a root CA certificate in advance which means the browser will not send an alert because the certificate created is legit from SSL point of view.


Komodia also warns that their product offerings may be considered malicious by some antivirus software. Go figure.

Edit: Here's another article that explains how Lenovo was using the ad injector SDK to sneak ads into sniffed HTTP and HTTPS traffic.

Edit: Corrected reference to Superfish.
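
The Komodia description quoted in the post depends on a root CA certificate being installed ahead of time, so the Windows trusted root stores are the place to look. The following is an added example, not part of the original post and not Lenovo's or Komodia's code; the name patterns are an assumption taken from the vendor names mentioned in the post.

```powershell
# Added example: list trusted root certificates whose subject or issuer
# mentions the vendors named in the post. The name patterns are an
# assumption; a certificate issued under a different name would not match.
$patterns = 'Superfish', 'Komodia'
$stores   = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$hits = foreach ($store in $stores) {
    Get-ChildItem -Path $store | ForEach-Object {
        $cert = $_
        foreach ($p in $patterns) {
            if ($cert.Subject -like "*$p*" -or $cert.Issuer -like "*$p*") {
                # Report enough detail to identify and review the entry.
                [pscustomobject]@{
                    Store      = $store
                    Subject    = $cert.Subject
                    Thumbprint = $cert.Thumbprint
                    NotAfter   = $cert.NotAfter
                    SelfSigned = ($cert.Subject -eq $cert.Issuer)
                }
                break   # one match per certificate is enough
            }
        }
    }
}

if ($hits) { $hits | Format-List } else { 'No matching root certificates found.' }
```

Browsers that keep their own trust store, such as Firefox, are not covered by this check and need to be reviewed separately.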