Lenovo laptops could put bank info at risk, security experts warn
Lenovo has potentially put thousands of users at risk by installing easily exploitable adware on a number of its laptops, the latest reports have suggested.
Security experts (via The Verge) have revealed that enterprising hackers could steal sensitive information like passwords and bank details by exploiting the software.
The adware is called Superfish, a program that analyses images you look at during browsing sessions.
It then compares those images with upwards of 70,000 online stores to find lower-priced products to push back to you in the form of advertisements.
The issue lies with how Superfish operates on your computer, and how hackers can take advantage of this.
When secure websites like banks want to prove your connection is legitimate, they will request an SSL certificate. Usually these come from trusted authorities that verify your connection.
Superfish circumvents this by producing its own SSL certificates to view content on otherwise secure websites, all in the hope of raking in advertising cash.
What’s more, Superfish uses the same key for its root certificates across all machines. If hackers can crack this key, they could create their own certificates on third-party machines through the Superfish software.
This means that hackers could convince your bank’s website that their connection was legitimate, and potentially nab sensitive information.
Hackers could even write new software for Lenovo machines using the key, offering more sophisticated entry to private data.
Lenovo provided TrustedReviews with the following statement:
“Lenovo removed Superfish from the preloads of new consumer systems in January 2015. At the same time Superfish disabled existing Lenovo machines in market from activating Superfish. Superfish was preloaded onto a select number of consumer models only.”
A second statement contained the following excerpt:
“We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns. But we know that users reacted to this issue with concern, and so we have taken direct action to stop shipping any products with this software.”