Lenovo laptops ship with Superfish malware, including its CA certificate and private key

    The Superfish program, bundled with Lenovo Y50, Z40, Z50, G50 and Yoga 2 Pro laptops, is a typical piece of malware: it listens to traffic, analyzes user searches and inserts ads into pages of third-party sites. The application works at the system level and intercepts HTTPS traffic as well. To do this, it installs the Superfish CA certificate in the Windows certificate store and proxies all traffic between the host and the browser, replacing each site's certificate with one of its own. This software has shipped since at least June 2014; the first post about it on the Lenovo forum is dated September 2014.


    This news was already unpleasant in itself, but today a detail became known that significantly raises the level of danger for the owners of these laptops: the program turned out to contain not only the public CA certificate but also its private key, in encrypted form. Recovering the password for this key was no problem; it is “komodia” (found by supersat).


    This means that any attacker in a position to carry out a MitM attack (for example, on a public Wi-Fi network) can use this certificate and its private key to proxy the HTTPS traffic of an affected computer and decrypt it without the victim noticing, since the victim's system already trusts the Superfish CA.

    A Lenovo representative on the forum reports that they stopped shipping this software with new laptops in January 2015 and disabled Superfish for all owners of laptops already purchased. Instructions for removing the malware are available; however, they do not include removing the root certificate from the certificate store.
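    Since the official removal instructions leave the root certificate in place, the following PowerShell script, added here as an example and not part of the original article or of Lenovo's instructions, audits the Windows certificate stores for the Superfish CA and optionally removes it. It assumes the certificate's Subject or Issuer contains the string "Superfish" (the article only names it the "Superfish CA certificate"); the thumbprint parameter is a placeholder to be filled from a trusted advisory before relying on exact matching, and the process-name pattern is likewise an assumption.

```powershell
# Added example: find (and optionally remove) the Superfish root CA from the
# Windows certificate stores. Not Lenovo's removal procedure.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Remove matching certificates instead of only reporting them.
    [switch]$Remove,
    # Placeholder: replace with the published thumbprint for exact matching.
    [string]$KnownThumbprint = 'REPLACE_WITH_PUBLISHED_THUMBPRINT'
)

# A CA in any of these stores is trusted by every application that relies on the
# Windows store (IE, Edge, Chrome, .NET, PowerShell itself), for machine and user.
$stores = @(
    'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root',
    'Cert:\LocalMachine\CA',   'Cert:\CurrentUser\CA'
)

function Find-SuperfishCertificate {
    param([string[]]$StorePaths, [string]$Thumbprint)
    foreach ($store in $StorePaths) {
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Where-Object {
                # Name match is the assumption; thumbprint match is exact once filled in.
                $_.Subject    -like '*Superfish*' -or
                $_.Issuer     -like '*Superfish*' -or
                $_.Thumbprint -eq   $Thumbprint
            } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $store
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    NotAfter      = $_.NotAfter
                    # A root CA entry should never carry a private key on an end-user PC.
                    HasPrivateKey = $_.HasPrivateKey
                    PSPath        = $_.PSPath
                }
            }
    }
}

$hits = @(Find-SuperfishCertificate -StorePaths $stores -Thumbprint $KnownThumbprint)

if ($hits.Count -eq 0) {
    Write-Host 'No Superfish certificate found in the root or intermediate stores.'
} else {
    $hits | Select-Object Store, Subject, Thumbprint, NotAfter, HasPrivateKey | Format-List
    if ($Remove) {
        foreach ($hit in $hits) {
            # -WhatIf / -Confirm are honoured through SupportsShouldProcess.
            if ($PSCmdlet.ShouldProcess($hit.Subject, "Remove from $($hit.Store)")) {
                Remove-Item -Path $hit.PSPath
            }
        }
    }
}

# The interception proxy itself must also be gone; the name pattern is an assumption.
$proc = Get-Process -Name '*Superfish*' -ErrorAction SilentlyContinue
if ($proc) {
    Write-Warning 'A Superfish-named process is still running:'
    $proc | Select-Object Name, Id, Path | Format-Table -AutoSize
}
```

    Run it once without switches to audit, then with `-Remove -WhatIf` to preview and `-Remove` from an elevated prompt to delete; removing from the LocalMachine stores requires administrator rights, and the certificate must be removed from every store it appears in, otherwise the system keeps trusting certificates signed with the leaked key.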

    Service for checking whether the Superfish certificate is present in the OS certificate store
    Superfish certificate and private key in PEM format
    Article in Forbes (does not mention the presence of a private key)
    Article by Marc Rogers (does not mention the presence of a private key)
    Article from Errata Security
    How the private key and its password were obtained
    Information from the EFF
    Windows Defender detects Superfish
