Lenovo, Superfish, Root certificates and You

If you have purchased a Lenovo laptop, desktop, or some other system since 2010, Lenovo added a surprise for you. It is called Superfish, and its purpose is to read everything you type into search engines, Amazon, or wherever, and insert advertising from Superfish partners in order to milk more money out of you.

While installation of adware like this is bad enough, this application makes it worse by inserting a root certificate into your system.

A self-signed root certificate like this gives Superfish access to everything you do on your system. It intercepts your communications with your bank, reroutes them through its own systems to your bank, and acts like a "man in the middle" (MITM) type of hacker attack.

A screen grab of Superfish intercepting an interaction with Bank of America (PHOTO COURTESY OF PCMagazine).

While neither Lenovo nor the company that makes Superfish is likely to exploit this interaction, a real hacker can intercept this traffic, and then you are in trouble.

The best thing for you to do is not to wipe your system clean, nor throw out the computer. Follow this guide from Ars Technica and get rid of the adware and the root certificate and regain control of your computer.
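
To check whether the root certificate described above is sitting in the Windows trusted root stores, before or after cleanup, a read-only PowerShell check can be used. This is an added example, not part of the original post or the Ars Technica guide; the function name `Find-SuspectRoot` and matching on the name "Superfish" are assumptions of this sketch.

```powershell
# Added example: list trusted root certificates whose subject or issuer
# mentions a given name. Read-only; nothing is removed or changed.
# Find-SuspectRoot is a hypothetical helper name, and the default pattern
# 'Superfish' is an assumption based on the product name in the article.
function Find-SuspectRoot {
    param(
        [string]$Pattern = 'Superfish',
        [string[]]$Stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    )
    # Treat the pattern as literal text, not as a regular expression.
    $literal = [regex]::Escape($Pattern)
    foreach ($store in $Stores) {
        if (-not (Test-Path -Path $store)) { continue }
        Get-ChildItem -Path $store |
            Where-Object { $_.Subject -match $literal -or $_.Issuer -match $literal } |
            ForEach-Object {
                [pscustomobject]@{
                    Store      = $store
                    Subject    = $_.Subject
                    # A root certificate is self-signed: subject equals issuer.
                    SelfSigned = ($_.Subject -eq $_.Issuer)
                    Thumbprint = $_.Thumbprint
                    NotAfter   = $_.NotAfter
                }
            }
    }
}

$hits = @(Find-SuspectRoot)
if ($hits.Count -eq 0) {
    Write-Output 'No trusted root certificate matching the pattern was found.'
} else {
    # Any hit means the certificate is still trusted and still needs removing.
    $hits | Format-List
}
```

Run it again after following the removal guide to confirm the certificate is gone. Applications that keep their own certificate store are not covered by this check.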