Software factory-installed on some computers from the Chinese manufacturer Lenovo leaves the computer vulnerable to data-interception attacks. The program displays contextual advertising depending on the site visited and, in order to analyze secure pages, changes operating system settings to remove the protections offered by HTTPS sites (the ones that display the “lock” in the web browser) by intercepting their traffic.
The program, called Superfish, uses code from another company, Komodia. A study released by Facebook on Friday (the 20th) says that more than a dozen other applications contain the same code. The Lenovo case, however, is of particular concern because of the number of systems affected: Lenovo is currently the world's largest computer manufacturer, with 18.8% of sales, according to Gartner.
Computers with Superfish were also sold in Brazil in three lines: G (G40-70 and G50-45), Z (Z40-70) and Yoga (Yoga2-13). Lenovo released an automatic removal tool that can be downloaded from the company's website. In addition to uninstalling the program, you must verify that its certificate was also removed. Microsoft added Superfish detection to Windows Defender, the security program that is part of Windows.
“We did not know about this potential security vulnerability [until this Friday (20)]. We recognize that this was our mistake and we will do better in the future. Now we are focused on correcting the problem,” the company said in a statement.
Interception risk
Web sites can only display the security “lock” when they present a certificate signed by a trusted entity. The list of trusted entities is configured in Windows. A site that uses a certificate scrambles the communication traffic and prevents the data from being read by third parties. The trusted entity's digital signature, checked by the system, ensures that the certificate has not been tampered with.
Superfish analyzes the communication traffic in order to search for and display contextual advertising. On secure sites, Superfish could not work, because it is not possible to analyze the encrypted traffic.
To work around this limitation, the program simulates an interception attack on access to secure sites, placing itself as an intermediary. This action should result in an error message for the visitor, indicating that something is wrong with the secure connection.
Superfish modifies the list of trusted entities to include itself and, as a result, it can present a fake certificate that will still be accepted by the system, without any error message.
The problem with this method is that the key used by Superfish is insecure and is the same on every system where it is installed. This allows any attacker to create fake certificates that will be accepted by the vulnerable computer.
The risk of interception is higher on shared networks, such as a public wireless network. A hacker could intercept access to a bank or any other normally secure site, like Facebook, and obtain all the communication data, including passwords. No error message or warning would be displayed, as there would be on a computer without Superfish installed.
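The article says that uninstalling the program is not enough and that the certificate must be checked as well, and it explains that the damage is done through the list of trusted entities in Windows. The following PowerShell script is an added example (not from the article, and not Lenovo's removal tool) that shows how an administrator can perform that check: it audits the machine and user trusted-root stores for an interception root, and it opens an HTTPS connection to report which root the operating system actually chained the server certificate to, because a browser on an affected machine would show no warning. It assumes the rogue root can be recognised by the vendor names the article gives (Superfish, Komodia) and uses www.example.com as a placeholder host.

```powershell
# Added example (not from the article or from Lenovo): audit the Windows
# trusted-root stores for an interception root such as the one Superfish
# installs, and inspect which root a live HTTPS connection chains to.
# Requires PowerShell 3 or later on Windows; removing a LocalMachine root
# requires an elevated prompt.

# ASSUMPTION: the rogue root is recognisable by the vendor names named in the
# article. Extend the pattern if a vendor advisory names another subject.
$SuspectPattern = 'Superfish|Komodia'

function Find-SuspectRootCert {
    param([string]$Pattern = $SuspectPattern)
    # Both stores matter: a root in the current user's store is trusted by
    # that user's browser just as a machine-wide root is.
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
    foreach ($store in $stores) {
        Get-ChildItem -Path $store | Where-Object {
            $_.Subject -match $Pattern -or $_.Issuer -match $Pattern
        } | ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
            }
        }
    }
}

function Get-HttpsRootIssuer {
    # Opens a TLS connection and reports the root the OS built the chain to.
    # A chain that ends in a locally installed interception root rather than
    # a public CA is the symptom the article describes: the "lock" is shown,
    # but it is backed by Superfish's certificate, not the site's real CA.
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept any server certificate in the callback: the point is to
        # inspect the chain ourselves rather than trust the default check,
        # which on an affected machine would silently pass.
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($HostName)
        $leaf  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $null  = $chain.Build($leaf)
        $root  = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
        [pscustomobject]@{
            Host          = $HostName
            LeafSubject   = $leaf.Subject
            LeafIssuer    = $leaf.Issuer
            RootSubject   = $root.Subject
            RootIsSuspect = ($root.Subject -match $SuspectPattern)
        }
    } finally {
        $tcp.Close()
    }
}

# Usage: run after uninstalling the program to confirm the root is gone.
$found = Find-SuspectRootCert
if ($found) {
    $found | Format-Table -AutoSize
    Write-Warning 'Interception root still present: remove it and re-run this check.'
    # Removal of each matching entry (elevated prompt needed for LocalMachine):
    #   $found | ForEach-Object { Remove-Item -Path (Join-Path $_.Store $_.Thumbprint) }
} else {
    Write-Output 'No Superfish/Komodia root found in the trusted-root stores.'
}
# Placeholder host; replace with a site you expect to be served by a public CA.
Get-HttpsRootIssuer -HostName 'www.example.com' | Format-List
```

The first function answers the article's "was the certificate also removed?" question directly; the second catches the case the article warns about, where the connection looks normal but the chain terminates in the interception root, and it will also flag any other locally installed root that matches the pattern, since the shared key makes every certificate signed by that root suspect.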