New Lenovo computers install dangerous malware that could allow hackers to spy on users

‘Superfish’ adware puts ads onto websites without users’ permission, and could leave the computer vulnerable

Andrew Griffin
Thursday 19 February 2015 04:52 EST

New Lenovo computers shipped with software that forced ads onto users and could have left them vulnerable to hacking.

The adware, known as “Superfish”, was made to push new third-party results into internet browsers — similar to the ads seen on sites like Google, but extra and coming from a source that wasn’t immediately identified. The adware meant that some sites wouldn’t render properly and worked slowly, as well as showing the unwanted results.

But as well as installing ads, the way the software works could allow hackers to look in on users’ internet browsing. Facebook engineer Mike Shaver noticed that Superfish installs a “man in the middle” certificate, which allows companies to intercept information as it is passed between a user’s computer and a website.

Antivirus software flags Superfish as a virus and recommends uninstalling it.

The software appears to have been shipped with Lenovo computers since mid-2014.

The only way to be sure that new Lenovo laptops aren’t carrying the adware is to entirely delete Windows and re-install it. But given that the software works secretly, most will be unaware it is running, and a clean install of Windows is a complicated and technical process that many consumer users might be unaware of.

But some users have posted simpler ways of removing the software online.

Lenovo has admitted that the software was being installed on new machines, but said that it has now “temporarily removed” it from new products. The software will stay off new computers “until such time as Superfish is able to provide a software build that addresses these issues”, Lenovo said.

"Lenovo removed Superfish from the preloads of new consumer systems in January 2015," a Lenovo spokesperson told The Independent. "At the same time Superfish disabled existing Lenovo machines in market from activating Superfish.

"Superfish was preloaded onto a select number of consumer models only. Lenovo is thoroughly investigating all and any new concerns raised regarding Superfish."

For users who already have the computers, Lenovo is asking Superfish to release an update that would address some of the problems users were having.

In a forum post explaining the software, Lenovo said that Superfish “is a technology that helps users find and discover products visually”.
