Lenovo, one of the largest PC manufacturers, has admitted that the company's visual search tool, Superfish, is a threat to privacy and exposes users to several other dangerous cyber attacks.
“I have a bunch of very embarrassed engineers on my staff right now,” Lenovo CTO Peter Hortensius said in an interview Thursday. “They missed this.”
Lenovo has announced that it is working on a new tool that will help users remove this software completely from their computers without leaving a loophole.
Customers have been complaining about the Lenovo Superfish adware since September last year, but it only became known this Wednesday that it also intercepts SSL/TLS traffic. Superfish is a program that intercepts web traffic and inserts third-party advertisements into web results. Because that is impossible over a secure connection, the company installed "root certificates" that replaced the original certificates presented by the website.
The replacement did make it possible to serve ads over an SSL-encrypted connection, but it left the user vulnerable to several man-in-the-middle attacks.
It was found that the software can be easily reverse engineered to reveal the secret key, which can then be used to intercept the user's traffic and expose credentials for online accounts and banks.
The company has already released a complete guide for removing Superfish and its related certificates from systems running Windows 8.1, and it will soon launch a tool that automatically cleans the adware.
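A quick way to check whether such a root certificate is still trusted on a Windows machine, shown here as an added example that is not part of Lenovo's guide or tool. The default match string `Superfish` is an assumption about the certificate's subject name, and the function name is hypothetical; the script only reports and removes nothing.

```powershell
# Added example: audit the Windows trusted-root stores for a named certificate.
# Assumption: the unwanted root carries 'Superfish' in its subject or issuer;
# confirm the exact certificate against the vendor's removal guide.
function Find-TrustedRootBySubject {
    param(
        [string]$Pattern = 'Superfish',
        [string[]]$Stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    )
    foreach ($store in $Stores) {
        if (-not (Test-Path $store)) { continue }
        Get-ChildItem -Path $store |
            Where-Object { $_.Subject -like "*$Pattern*" -or $_.Issuer -like "*$Pattern*" } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $store
                    Subject       = $_.Subject
                    Issuer        = $_.Issuer
                    # A root certificate is normally self-signed.
                    SelfSigned    = ($_.Subject -eq $_.Issuer)
                    Thumbprint    = $_.Thumbprint
                    NotAfter      = $_.NotAfter
                    HasPrivateKey = $_.HasPrivateKey
                }
            }
    }
}

# Check both the machine-wide and the per-user trusted-root stores.
$hits = @(Find-TrustedRootBySubject)
if ($hits.Count -eq 0) {
    Write-Output 'No trusted root certificate matches the pattern.'
} else {
    $hits | Format-List
    Write-Warning "$($hits.Count) matching trusted root(s) found. Any certificate signed by this root is accepted as valid on this machine."
}
```

An empty result covers only the two Windows stores listed in `$Stores`; rerun the check after following the removal guide to confirm the certificate is gone.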
Lenovo received very little compensation for displaying these ads; reports suggest that the company's primary aim was to improve the overall user experience. Only consumers have been affected by this adware, not the government or financial institutions in the country.
Lenovo has stopped installing this software on computers leaving the factory.