Lenovo's Superfish adware cracked with relative ease, exposing users to attacks
This story just keeps getting worse for Lenovo. After the company was called out for inserting additional ads into users' browsing experience and claimed to have disabled and stopped installing the offending software, its "Superfish" adware has seen its certificate cracked by security researchers. The worst part is, it evidently was easy to break the app's security. The end result is that affected Lenovo computer users — and there are potentially hundreds of thousands of them — could see their computers needlessly exposed to attack.
Per computer security researcher Rob Graham:
The worst part is that the certificate was cracked using a run-of-the-mill dictionary attack, running through words in the dictionary until access was granted. And so, within 10 seconds, Graham was in and able to run "man-in-the-middle" traffic interception attacks on any affected Lenovo user with Superfish installed.
What's frightening about this sort of attack is that it offers access to your outgoing and incoming data. The attacker can simply record it, or can actually intercept and change what you're downloading or uploading, all without your knowledge.
Source: Errata Security; Via: The Verge
Derek Kessler is Special Projects Manager for Mobile Nations. He's been writing about tech since 2009, has far more phones than is considered humane, still carries a torch for Palm, and got a Tesla because it was the biggest gadget he could find. You can follow him on Twitter at @derekakessler.