Lenovo supplied malware on laptops a serious security hole

solo
Posts: 389
Joined: Thu 14 Nov 2013, 20:33

#1 Post by solo »

http://www.nu.nl/internet/3996036/onder ... lware.html

Translated from the nu.nl website, February 19, 2015

Researcher is able to snoop on Lenovo laptops through supplied malware

A Dutch security researcher found a way to use malware which Lenovo supplied on its laptops to snoop on secured internet traffic.

Researcher Yonathan Klijnsma of Fox-IT writes on Twitter that he has obtained the private key of the SSL certificate of the Superfish malware.

With this private key, a secured connection established with the SSL certificate can be unlocked. This makes Internet traffic viewable.

On Thursday, it appeared that Lenovo had installed a piece of adware on its laptops, through which for instance extra web ads could be shown on web pages. Lenovo says it has not been supplying this malware on its laptops anymore since January.

The adware turned out not only to show ads, but also to 'hijack' secured HTTPS connections, for instance to online banking websites, by replacing the security certificate of a bank with its own certificate.

Snooping

As a result, the software is able to snoop on web pages where it has no business doing so. Because Klijnsma has now also obtained the private key of the certificate, he is able to read and manipulate secured traffic from Lenovo laptops.

Before Klijnsma could obtain the key, he needed to have the ability to intercept internet traffic. This would be possible by creating a Wi-Fi hotspot that a laptop would connect to. A hacker would then be able to steal passwords and other private information, or hijack browser sessions.

Klijnsma claims to Tweakers that he managed to get access to the private key after 'a bit of fumbling'.

Firefox

Lenovo has admitted that it has supplied the Superfish malware on a range of consumer laptops. The company says it has already 'de-activated' the software.

This however does not mean the malicious SSL certificate itself has been removed. If it has not been removed, Chrome and Internet Explorer remain vulnerable. Firefox handles SSL certificates differently and is therefore not affected by the leak.

The normal removal of Superfish does not result in the removal of the SSL certificate. NU.nl has asked Lenovo if it has also de-activated the SSL certificate on its laptops, or if it is planning to do so.

Ted Dog
Posts: 3965
Joined: Wed 14 Sep 2005, 02:35
Location: Heart of Texas

#4 Post by Ted Dog »

Wow, I have such a machine.. solution is to reload Windows... did not get a disc to do so. Wonder what we are supposed to do.

Makoto
Posts: 1665
Joined: Fri 04 Sep 2009, 01:30
Location: Out wandering... maybe.

#5 Post by Makoto »

Most OEM Windows machines now come with 'restore partitions,' rather than restore discs. It's cheaper for the companies (they'll give you disc copies for an extra charge), but unfortunately, it also makes it easier for malware to infect the restore partition. So, if you're infected, restoring Windows just restores the infection as well.

...of course, if the malware's already in the restore partition to begin with... :roll:

In your case, you'd probably need to buy a full Win (Vista? 7? 8?) install package, then wipe the machine and install a new version of Windows. Or, at the very least, contact your OEM provider for the appropriate restore discs (and mention this malware, saying that you don't trust the restore partition, assuming the computer has one).

cthisbear
Posts: 4422
Joined: Sun 29 Jan 2006, 22:07
Location: Sydney Australia

#6 Post by cthisbear »

Copy your drivers with >> Driver Magician Lite

http://www.drivermagician.com/Lite.htm

Then re-install.

If it's Win 7, I use Win7 Lite.

Look at my backup size >> no pagefile...I always delete it

>>> 4.51 GB (4,845,635,786 bytes)

Chris
Attachment: eXPerience.zip (eXPerience read me, 5.85 KiB)

Ted Dog
Posts: 3965
Joined: Wed 14 Sep 2005, 02:35
Location: Heart of Texas

#7 Post by Ted Dog »

Not infected on my Lenovo.. wheeeewwww..

solo
Posts: 389
Joined: Thu 14 Nov 2013, 20:33

#8 Post by solo »

Here's a Lenovo support page with a list of laptop types which are supposedly affected by the Superfish malware.

http://support.lenovo.com/us/en/product ... /superfish

There's also a link to a page with instructions on how to remove Superfish AND the certificate.

Galbi
Posts: 1098
Joined: Wed 21 Sep 2011, 22:32
Location: Bs.As. - Argentina.

#9 Post by Galbi »

To check if infected:
https://filippo.io/Badfish/

labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

how to proceed to delete Superfish Inc

#10 Post by labbe5 »

Removing Superfish doesn’t suddenly make the MITM threat vanish. You’re still at risk, and HTTPS is effectively broken on your computer until you can fix the certificate issue.

Begin by checking if your computer is affected. Head to https://filippo.io/Badfish/ and check the results.

If affected:

Act quickly. Press WIN+R to open the Run box, and enter certmgr.msc. The Windows certificate manager will open, so look for Trusted Root Certification Authorities, expand it to display Certificates and then in the right-hand pane look for Superfish, Inc.

Delete it.

Finish by closing your browser and rebooting Windows.


Not a surprising development in this war on privacy.
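A scripted version of the certmgr.msc steps above, as an added example that is not code from this thread or from Lenovo's removal tool. It opens the Trusted Root Certification Authorities store for both the machine and the current user, reports any certificate whose subject contains "Superfish, Inc." (the name the post says to look for; matching on the subject is an assumption, and a thumbprint from a trusted source would be a stricter match), and removes the hit only when run with -Remove. Removing from the LocalMachine store needs an elevated PowerShell prompt, and as the post says, close all browsers and reboot afterwards.

```powershell
# Added example, not code from the thread or from Lenovo's removal tool.
# Scripted equivalent of the certmgr.msc procedure: search Trusted Root
# Certification Authorities for "Superfish, Inc." and remove it on request.
# Matching on the Subject field is an assumption; a thumbprint obtained from a
# trusted source would be a stricter match if you have one.
param(
    [switch]$Remove   # without -Remove the script only reports what it finds
)

# The Root store exists per machine and per user; check both.
$Locations = @('LocalMachine', 'CurrentUser')

function Find-SuspectRootCert {
    param([string]$Pattern = '*Superfish, Inc.*')
    foreach ($loc in $Locations) {
        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', $loc)
        $store.Open('ReadOnly')
        try {
            foreach ($cert in $store.Certificates) {
                if ($cert.Subject -like $Pattern) {
                    [pscustomobject]@{
                        Location   = $loc
                        Subject    = $cert.Subject
                        Thumbprint = $cert.Thumbprint
                        NotAfter   = $cert.NotAfter
                        Cert       = $cert
                    }
                }
            }
        } finally {
            $store.Close()
        }
    }
}

function Remove-SuspectRootCert {
    param([Parameter(Mandatory)]$Hit)
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', $Hit.Location)
    $store.Open('ReadWrite')   # LocalMachine requires an elevated prompt
    try {
        $store.Remove($Hit.Cert)
    } finally {
        $store.Close()
    }
}

$hits = @(Find-SuspectRootCert)
if ($hits.Count -eq 0) {
    Write-Host 'No Superfish, Inc. certificate found in the trusted root stores.'
} else {
    foreach ($h in $hits) {
        Write-Host ("Found in {0}\Root: {1} (thumbprint {2}, expires {3})" -f `
            $h.Location, $h.Subject, $h.Thumbprint, $h.NotAfter)
        if ($Remove) {
            Remove-SuspectRootCert -Hit $h
            Write-Host 'Removed. Close all browsers and reboot.'
        }
    }
}
```

Run it once without -Remove to see what is in the stores, then with -Remove. Note that this only covers the Windows certificate stores that Chrome and Internet Explorer use; a browser that keeps its own trust store, as the first post says Firefox does, is not touched by it.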

labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

Lenovo supplying an open source Superfish removal tool

#11 Post by labbe5 »

http://support.lenovo.com/us/en/product ... _uninstall

The source code is available here:

https://github.com/lenovo-inc/superfishremoval/

Damage control from Lenovo to prevent media from tarnishing its image.
Instructions cover how to prevent vulnerabilities affecting certificates.

Hoping that helps Lenovo users.

bark_bark_bark
Posts: 1885
Joined: Tue 05 Jun 2012, 12:17
Location: Wisconsin USA

#12 Post by bark_bark_bark »

edit: Oops wrong thread
....
