Lenovo has been excoriated by everyone for installing adware on its consumer PCs that puts secure browser data at risk. Lenovo is shipping its Windows PCs with software called Superfish. It comes pre-installed on systems to inject visual advertisements based on your web searches.
Injecting such third-party ads makes your device vulnerable to threats. The exposure is not limited to third-party ads: your HTTPS connections are affected as well. This pre-installed adware allows hackers to access your secure data, such as bank details, passwords and many others.
Superfish VisualDiscovery is the adware that the company began pre-installing on all its consumer devices back in January. Unfortunately, it acts as a man-in-the-middle (MITM), using a certificate to inject ads into websites without users' permission. This MITM allows hackers to hijack secure data, because the software authorizes itself with a root certificate, which is unrestricted.
When you open a secure connection, Superfish installs a proxy for it and is then able to create its own SSL certificates for that connection. That lets it inject advertising into that particular website and also read the web pages, including secure and private pages such as your fund transfer page, bank details and many others. Considering this malicious would not be wrong.
For its part, Lenovo stated that it canceled the partnership for this software in January, but a few systems still have the adware. Mark Hopkins, a Lenovo community administrator, said of the issue, "We have temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues. As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues."
Worse, disabling or uninstalling the Superfish adware does not remove the root certificate. The company's statements do nothing to stop this security glitch, which the biggest PC maker itself injected into all its devices.
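Because uninstalling the program leaves the root certificate behind, the Windows trust stores have to be checked separately. The script below is an added example, not from the original article or from Lenovo; it assumes the certificate can be recognised by "Superfish" in its subject or issuer name, and the list of stores to check is also an assumption.

```powershell
# Added example: audit Windows root trust stores for a leftover Superfish root.
# Assumption: the certificate carries "Superfish" in its subject or issuer name.
$pattern = 'Superfish'

# Assumption: these machine-wide and per-user stores are the ones worth checking.
$stores = @(
    'Cert:\LocalMachine\Root',
    'Cert:\LocalMachine\AuthRoot',
    'Cert:\CurrentUser\Root',
    'Cert:\CurrentUser\AuthRoot'
)

$findings = foreach ($store in $stores) {
    # Skip stores that do not exist on this system.
    if (-not (Test-Path -Path $store)) { continue }

    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                Issuer        = $_.Issuer
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                # A trusted root stored together with its private key deserves extra attention.
                HasPrivateKey = $_.HasPrivateKey
            }
        }
}

if ($findings) {
    $findings | Format-List
    Write-Warning "Root certificate(s) matching '$pattern' are still trusted on this system."
} else {
    Write-Output "No root certificate matching '$pattern' found in the checked stores."
}
```

Run it again after uninstalling the adware: a match at that point confirms the certificate survived the uninstall and must be removed from the store by hand.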
Source: Arstechnica.com