Lenovo laptops ship with Superfish malware, along with its certificate and private key

The “Superfish” program that ships with Lenovo Y50, Z40, Z50, G50 and Yoga 2 Pro laptops is classified as typical malware: it listens to your internet traffic, analyzes the user's search queries and inserts contextual adverts into the pages of different websites. The application works at the system level and can also intercept HTTPS traffic.

To do that, the adware installs its own CA certificate and routes all traffic between the browser and the host through itself, replacing the site's certificate with its own. The software has shipped with laptops since June 2014. The first message about it on the Lenovo forums was written in September 2014.
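A client-side check for the certificate substitution described above, as an added example that is not part of the original article: it inspects the issuer of the certificate each HTTPS site presents, in the dict shape returned by Python's `ssl.getpeercert()`. The watchlist string, the helper names and the sample hosts and issuers are constructed assumptions.

```python
import socket
import ssl

# Issuer name fragment to look for; "superfish" is the product named in the article.
WATCHLIST = ("superfish",)


def issuer_fields(peercert):
    """Flatten the 'issuer' RDN tuples of ssl.getpeercert() into a dict."""
    return {k: v for rdn in peercert.get("issuer", ()) for k, v in rdn}


def fetch_peercert(host, port=443, timeout=5.0):
    """Live path: return the validated leaf certificate a host presents."""
    ctx = ssl.create_default_context()  # uses the OS trust store
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def audit(observed):
    """observed: {host: peercert dict}. Returns (flagged, shared_issuer).

    flagged: hosts whose issuer matches the watchlist. shared_issuer: the
    issuer name when 3+ hosts all share one issuer (heuristic only).
    """
    flagged, issuers = {}, set()
    for host, cert in observed.items():
        f = issuer_fields(cert)
        name = f.get("commonName") or f.get("organizationName") or "<unknown>"
        issuers.add(name)
        if any(w in " ".join(f.values()).lower() for w in WATCHLIST):
            flagged[host] = name
    shared = issuers.pop() if len(observed) >= 3 and len(issuers) == 1 else None
    return flagged, shared


# Constructed sample data in getpeercert() shape (not captured traffic).
def _cert(org, cn):
    return {"issuer": ((("organizationName", org),), (("commonName", cn),))}

INTERCEPTED = {h: _cert("Superfish, Inc.", "Superfish, Inc.")
               for h in ("bank.example", "mail.example", "shop.example")}
CLEAN = {"bank.example": _cert("Example Trust Services", "Example CA 1"),
         "mail.example": _cert("Sample PKI Ltd", "Sample Issuing CA"),
         "shop.example": _cert("Example Trust Services", "Example CA 1")}

if __name__ == "__main__":
    print(audit(INTERCEPTED))
    print(audit(CLEAN))
```

On a live machine, build `observed` by calling `fetch_peercert(host)` for a few unrelated sites instead of using the sample dictionaries.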

This news is not very pleasant for Lenovo users, and it recently got even worse when one more detail was revealed, a detail that raises the severity for these users. As it became known, the program contains not only a CA certificate but also an encrypted private key. A skilled user will have no trouble picking the password to this key using a “komodia” sniffer.

Basically, this means that any potential cyber criminal who is able to connect to a public Wi-Fi network can use this CA certificate to reroute all traffic through his computer and decrypt the private key without you noticing it.

Lenovo representatives informed the community that they stopped shipping the “Superfish” program with new laptops as of January 2015 and that they disabled already activated copies of this malware. A removal instruction for the Superfish malware is available.