Lenovo recently released a product security advisory about a man-in-the-middle attack vulnerability that exists on some of the Lenovo Notebook laptop models sold by the company between Jan 2014 and Feb 2015.
A program called Superfish intercepts all internet traffic using a self-signed root certificate stored in the local certificate store, which poses a security concern. Superfish is an advertising company that develops various advertising-supported software products. The Superfish software has been described as malware or adware by security experts and anti-virus software. On February 20, 2015, the United States Department of Homeland Security advised uninstalling Superfish and its associated root certificate because they make computers vulnerable to serious cyber-attacks, including interception of passwords and sensitive data being transmitted through the Internet browser.
Lenovo says “SuperFish was previously included on some consumer notebook products shipped between September 2014 and February 2015 to assist customers with discovering products similar to what they are viewing. However, user feedback was not positive, and we responded quickly and decisively”.
While the company will no longer be including Superfish in its pre-loaded factory OS image, there are still many laptops that remain infected with the malware. Lenovo laptop owners are urged to take action to remove the program from their computers.
Lenovo laptop owners can remove the malware from their computer by downloading a Superfish removal tool from the laptop manufacturer's website here:
Alternatively, Lenovo laptop owners can take their laptop to a computer repair store in their neighborhood to have Superfish removed.
Is my Lenovo laptop infected with Superfish?
Chances are yes if you purchased your Lenovo laptop at a big-box store. However, if you purchased your Lenovo laptop from South City Computer, we have already removed this malware during the initial setup of your laptop.