Technology

Lenovo Shipped Laptops with Security Flaw, Experts Say

Published

9 years ago

February 20, 2015

Oakland Post

The Lenovo Flex 15D laptop is pictured on April 25, 2014 in Atlanta. (Ron Harris/AP Photo)

BRANDON BAILEY, AP Technology Writer

SAN FRANCISCO (AP) — If you’ve recently purchased a laptop computer made by Lenovo, you may want to hear this: Experts say the world’s biggest computer maker shipped laptops with pre-installed software that could let hackers steal passwords or other sensitive information when you use the web to shop, pay bills or check email.

Lenovo said Thursday that it has disabled the offending software, known as Superfish, and will provide customers with a tool that permanently removes the program from their computers. The company initially said its own investigation didn’t find “any evidence to substantiate security concerns.” But it later removed that sentence from a statement on its website.

The problem affects an unknown number of computers: Lenovo said it shipped “some” laptops with Superfish between September and December last year, before it stopped because of customer complaints. That could cover a large number of machines. Lenovo shipped more than 16 million laptop and desktop machines in the fourth quarter.

Superfish wasn’t intended as malware. Lenovo has said it was designed to show targeted ads by analyzing images of products that a user might see on the web and then presenting “identical and similar product offers that may have lower prices.” Lenovo said the software doesn’t track users or collect any identifying information.

But some users initially complained the software shows unwanted “pop-up” ads. And this week, several independent experts reported that Superfish works by substituting its own security key for the encryption certificates that many websites use to protect users’ information. “This means that anyone affected by this adware cannot trust any secure connections they make,” researcher Marc Rogers wrote on his blog.

What’s worse, experts said, is that Superfish appears to re-use the same encryption certificate for every computer, which means a hacker who cracked the Superfish key could have broad access to a variety of online transactions. Robert Graham, chief executive of Errata Security, boasted in a blog post Thursday that he was able to figure out the Superfish encryption password in a few hours.

So far, there’s been no evidence that hackers have used the vulnerability to steal information. To do that, some experts said, a hacker would probably need to search for owners of laptops that have the Superfish software and are using a public Wi-Fi connection to visit secure websites.

But some critics blasted Lenovo for acting irresponsibly by installing the software. “Lenovo has not just injected ads in a wildly inappropriate manner, but engineered a massive security catastrophe for its users,” said the Electronic Frontier Foundation, an Internet advocacy group, in a blog post Thursday.

Superfish is made by a tech startup based in Silicon Valley and Israel. A spokesperson wasn’t immediately available for comment.

Many PC-makers ship computers with pre-loaded software from other companies, often in exchange for commissions or fees. Lenovo said its arrangement with Superfish is “not financially significant.” The company said it stopped selling laptops with the program in January and added: “Our goal was to enhance the experience for users; we recognize that the software did not meet that goal and have acted quickly and decisively.”

“We’re not claiming it wasn’t a mistake,” Lenovo spokesman Brion Tingler added Thursday. “We do due diligence and it wasn’t good enough in this case.” He added that the company is reviewing its procedures.

While Lenovo says it stopped shipping computers with Superfish in January, some may still be in stock at retailers. Lenovo posted detailed instructions for removing the software and the Superfish encryption certificate from its computers. They can be found at: http://news.lenovo.com/images/20034/remove-superfish-instructions.pdf

Oakland Post

Posts by Oakland Post

Up Next

Why Microsoft Office Isn’t the Right Tool for Every Task

Don't Miss

Yahoo Seeking to Harvest Ad Revenue from Other Mobile Apps

Oakland Post

Click to comment

Community

Attorney General Rob Bonta, Oakland Lawmakers, Introduce Legislation to Protect Youth Online

At a press conference in downtown Oakland on Jan. 29, Attorney General Rob Bonta joined Sen. Nancy Skinner (D-Berkeley) and Assemblymember Buffy Wicks (D-Oakland) to announce two pieces of legislation designed to protect children online. The bills are Senate Bill (SB) 976, the Protecting Youth from Social Media Addiction Act and Assembly Bill (AB) 1949, the California Children’s Data Privacy Act.

Published

3 weeks ago

April 16, 2024

Oakland Post

From left to right: Sen. Nancy Skinner (D-Berkeley), Attorney General Rob Bonta and Assemblymember Buffy Wicks (D-Oakland) at a press conference introducing legislation to protect young people online.

By Magaly Muñoz

The bills are Senate Bill (SB) 976, the Protecting Youth from Social Media Addiction Act and Assembly Bill (AB) 1949, the California Children’s Data Privacy Act.

Skinner authored SB 976, which addresses online addiction affecting teenage users, while Wicks’s bill, AB 1949, takes on big tech by proposing data privacy and children rights protections.

“Social media companies unfortunately show us time and time again that they are all too willing to ignore the detriment to our children, the pain to our children, the mental health and physical challenges they face, in order to pursue profits,” Bonta said.

SB 976 would allow parents to control the nature and frequency of the content their under-18-year-old children see on social media. Notifications from social media platforms would also be paused from midnight to 6 am and controls would allow parents to set time limits on their children’s usage based on their discretion.

Skinner stated that the longer that kids are on their phones during the day, the higher the risk for depression, anxiety and other related issues.

The bill would also push to get rid of addictive media that is harmful for young women and girls, specifically image filters that mimic cosmetic plastic surgery.

Bonta and 33 other attorney generals had previously filed a lawsuit against Meta, owner of the popular social media applications Instagram and Facebook. The filing claims that the company purposefully uses algorithmized content that harms younger audiences.

“Social media companies have the ability to protect our kids, they could act, but they do not,” Skinner said.

The Child Data Privacy Act would strengthen existing protections for data privacy under the California Consumer Privacy Act (CCPA). The lawmakers argue that the law does not have effective protection for those under 18 years old.

Wicks stated that the bill would forbid businesses from collecting, using, sharing, or selling personal data of anyone underage unless they receive informed consent, or it becomes necessary for the purpose of the business.

Wicks added that the acts would make it so that a search on the internet like “How do I lose weight?” would not result in dieting pill advertisements targeting youth, which, some experts report, could be harmful to their mental and physical health.

“In a digital age where the vulnerabilities of young users are continually exploited, we cannot afford to let our laws lag behind, our children deserve complete assurance that their online experience will be safeguarded from invasive practices,” Wicks said.

Supporters of the two acts say they have gained bipartisan support issue, but the authors and Bonta expect them to be met with pushback from the affected companies.

Oakland Post

Posts by Oakland Post

#NNPA BlackPress

Unleashing the Power_ Discover the The Thrills…F-TYPE Convertible

Published

5 months ago

December 18, 2023

Oakland Post

Performance & Handling
Powered by a robust 5.0 Liter Supercharged 8 Cylinder Gas Engine, the F-Type R75 doesn’t just purr; it roars with a mighty 575 horsepower and 516 lb-ft of torque. Coupled with an 8-speed Automatic Transmission, the car offers an exhilarating drive that is both fast and smooth. The All-Wheel Drive system ensures excellent traction and stability, making it a joy to handle in various driving conditions. The Electric Power Assisted Steering and JaguarDrive Control with Selectable Driving Modes add to the car’s agility, providing a driving experience that is as intuitive as it is thrilling. Additionally, the Adaptive Dynamics and Electronic Active Differential with Torque Vectoring by Braking enhance the car’s responsiveness, making every turn a testament to its engineering prowess. Unique to AutoNetwork.com.

Like us on and share https://www.facebook.com/autonetwork
#AutoNetwork
#AutoNetworkReports
Subscribe to our channel now for more videos.
Twitter http://www.twitter.com/liveautos
LinkedIn http://www.linkedin.com/in/autonetwork
Coupons Offers and Deals https://www.couponsoffersanddeals.com/

The post Unleashing the Power_ Discover the The Thrills…F-TYPE Convertible first appeared on BlackPressUSA.

Oakland Post

Posts by Oakland Post

#NNPA BlackPress

Elevate Your Ride…

Join us for a virtual car’s best-detailed walkaround of the sleek and stylish 2024 Jaguar F-TYPE AWD convertible. Get an up-close look at the exterior design, interior features, and performance capabilities of this luxury sports car. From its powerful engine to its advanced technology, this video will give you a comprehensive overview of what makes […]
The post Elevate Your Ride… first appeared on BlackPressUSA.

Published

5 months ago

December 18, 2023

Oakland Post

Join us for a virtual car’s best-detailed walkaround of the sleek and stylish 2024 Jaguar F-TYPE AWD convertible. Get an up-close look at the exterior design, interior features, and performance capabilities of this luxury sports car. From its powerful engine to its advanced technology, this video will give you a comprehensive overview of what makes the F-TYPE AWD convertible stand out on the road. Unique to AutoNetwork.com.