+ - Lenovo Accused of Pushing Self-signed MITM Proxy-> 2
Submitted
by
jones_supa
jones_supa (887896) writes "More OEM crapware coming at you. Chinese hardware manufacturer Lenovo has come under fire for allegedly shipping consumer Windows laptops with software that hijacks secure website connections, as well as inserting ads into search results. The software is called "Superfish" and it installs its own self-signed root certificate authority. Superfish comes with Lenovo consumer products only, and is a technology that helps users "find and discover products visually". The technology instantly analyzes images on the web and presents identical and similar product offers. Google's Chris Palmer has been analyzing the issue on a Yoga 2 laptop. He has confirmed with one other affected user that the certificates used share the same key, which leaves any impacted Lenovo user vulnerable to an attack from anyone able to extract the certificate's private key, with the user left without any warning or notice of such an attack. Superfish can be uninstalled, but it reportedly leaves the root certificate authority behind. On a new laptop, the software can be disabled simply by not accepting the Terms of User and Privacy Policy on initial setup."
Link to Original Source
Link to Original Source
