Lenovo has found itself in the midst of a piping hot controversy of late. Only last week, it seemed as if the entire tech community came down hard on the computer manufacturer as computer security analysts complained that Lenovo laptops such as the Yoga 2 came pre-installed with advertising software called Superfish.
Needless to say, this left those laptops open to the annoying internet advertisements no user is ever fond of. Unfortunately it does not end there; the software raises much more pressing concerns.
So What’s the Deal?
As the scandal surfaced, it transpired that Lenovo had an agreement with Superfish to have its software installed on Lenovo computers for a set period of time. Lenovo was to earn money each time a consumer visited the ads Superfish placed on web pages.
Adware or Spyware?
As for this adware of sorts, it installs its own root certificate, which allows it to gain entry into HTTPS web connections. This way, it forces shopping results into the web browser as users browse websites. In actuality, such invasive activities are more along the lines of spyware than adware. The trouble is that it doesn’t end there; it potentially paves the way for crime.
The Root Certificate
Mike Shaver, engineering director at Facebook, hinted at the MITM (man-in-the-middle) certificate in one of his tweets as he brought his followers’ attention to the matter. MITM isn’t an unusual attack; it lets a ‘foreign’ party sit between the user and the sites they visit, where it can read and alter the traffic. The self-signed root certificate leaves the machine wide open to security breaches, allowing anyone on the same WiFi network to intercept its connections.
For instance, a hacker using the hotspot in the same café as you can monitor your computer’s traffic. As soon as you approach the website of your bank, the hacker can redirect you to a fictitious site by inserting new data. Whatever details you provide on that website, including your password, will then become a source of fresh revenue for the hacker (if you know what I mean).
Reactions from All
Lenovo has received a volley of abuse from its loyal users ever since the news broke. People have been left absolutely flabbergasted upon learning that a company of such repute could act with such irresponsibility. The U.S. government has urged users of Lenovo machines to remove Superfish from their computers, and many analysts suggest steering clear of Lenovo’s Windows and installing vanilla Windows instead.
Apology from Lenovo
Lenovo issued an apology via Twitter, admitting that the company messed up while trying to deliver on good intentions. The chief technology officer of Lenovo, Peter Hortensius, refused to admit that Superfish posed any security threats that broke HTTPS connections; the company blames the way the design has been implemented instead.
Security analysts do not second that claim and point out that Lenovo was at first unwilling even to admit that there were risks associated with the machines. Lenovo is busy at work to put an end to this misery. For now, it has shared a link to a guide showing users how they can rid themselves of Superfish along with the root certificate altogether.
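For readers checking a machine after that removal, this added PowerShell example (not from Lenovo or the original article) lists any certificate still present in the Windows certificate stores whose subject or issuer contains "Superfish". The match string and the list of stores checked are assumptions.

```powershell
# Added example: audit Windows certificate stores for a leftover Superfish certificate.
# Assumption: the certificate's subject or issuer contains the string "Superfish".
function Find-SuperfishCertificate {
    [CmdletBinding()]
    param(
        [string]$Pattern = 'Superfish'
    )

    # Assumption: these are the stores worth checking; adjust as needed.
    $locations = 'LocalMachine', 'CurrentUser'
    $stores    = 'Root', 'AuthRoot', 'CA', 'TrustedPublisher'

    foreach ($location in $locations) {
        foreach ($store in $stores) {
            $path = "Cert:\$location\$store"
            if (-not (Test-Path -Path $path)) { continue }

            Get-ChildItem -Path $path |
                Where-Object { $_.Subject -match $Pattern -or $_.Issuer -match $Pattern } |
                ForEach-Object {
                    [pscustomobject]@{
                        Store      = $path
                        Subject    = $_.Subject
                        Issuer     = $_.Issuer
                        Thumbprint = $_.Thumbprint
                        NotAfter   = $_.NotAfter
                        SelfSigned = ($_.Subject -eq $_.Issuer)
                    }
                }
        }
    }
}

$hits = @(Find-SuperfishCertificate)
if ($hits.Count -eq 0) {
    'No certificate matching "Superfish" found in the checked stores.'
} else {
    $hits | Format-List
    'A matching certificate is still trusted; uninstalling the application did not remove it.'
}
```

The script only reads the Windows stores and changes nothing; applications that keep their own trust store are not covered by it.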
Superfish’s take on the matter
It’s not at all surprising that Superfish wishes to steer clear of the controversy as more people begin to look into it after this rousing scandal. Superfish CEO Adi Pinhas claimed the innocence of the company in a press statement, adamant that the software is not designed to store or share any personal data. He went on to state that Superfish had no clue about the associated risks that the third-party add-on brought about.