Lenovo Security Advisory: LEN-2015-010
Potential Impact: Man-in-the-Middle Attack
Severity: High
Summary:
This advisory only applies to Lenovo Notebook products.
(ThinkPad, ThinkCentre, Lenovo Desktop, ThinkStation, ThinkServer and System x products are not impacted.)
Superfish was previously included on some consumer notebook products shipped between September 2014 and February 2015 to assist customers with discovering products similar to what they are viewing. However, user feedback was not positive, and we responded quickly and decisively:
Superfish has completely disabled server-side interactions (since January) on all Lenovo products so that the software product is no longer active, effectively disabling Superfish for all products in the market.
Lenovo stopped preloading the software in February.
We will not preload this software in the future.
Vulnerabilities have been identified with the software, which include installation of a self-signed root certificate in the local trusted CA store. The application can be uninstalled; however, the current uninstaller does not remove the Superfish root certificate.
Description:
Superfish intercepts HTTP(S) traffic using a self-signed root certificate. The certificate is stored in the local certificate store and presents a security concern.
Mitigation Strategy for Customers (what you should do to protect yourself):
Lenovo has reached out to Superfish to disable all server activity associated with their product. To completely remove this software, please follow the instructions on this link:
Superfish Removal Instructions
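Because the current uninstaller leaves the root certificate behind, it is worth checking the Windows trusted-root stores after removal. The PowerShell below is an added example, not part of Lenovo's removal instructions; it assumes the certificate can be recognised by the string "Superfish" in its Subject or Issuer, since this advisory does not publish a thumbprint.

```powershell
# Added example: audit the Windows trusted-root stores for a leftover
# Superfish root certificate after the application has been uninstalled.
# Assumption: the certificate carries "Superfish" in its Subject or Issuer.
# No thumbprint is hard-coded because the advisory does not give one.

$pattern = 'Superfish'   # assumed match string
$stores  = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$findings = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                Issuer        = $_.Issuer
                # A root installed by the software is expected to be self-signed.
                SelfSigned    = ($_.Subject -eq $_.Issuer)
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                # True if this machine also holds the matching private key.
                HasPrivateKey = $_.HasPrivateKey
            }
        }
}

if ($findings) {
    $findings | Format-List
    Write-Warning ("{0} matching certificate(s) are still trusted on this machine." -f @($findings).Count)
} else {
    Write-Output 'No matching certificate found in the Windows trusted-root stores.'
}
```

This check is read-only and covers only the Windows certificate store; applications that maintain their own trust store, such as Firefox, need to be checked separately.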
Affected Products
The following Lenovo notebooks may be affected:
E-Series:
E10-30
Flex-Series:
Flex2 14, Flex2 15
Flex2 14D, Flex2 15D
Flex2 14 (BTM), Flex2 15 (BTM)
Flex 10
G-Series:
G410
G510
G40-70, G40-30, G40-45
G50-70, G50-30, G50-45
M-Series:
Miix2 – 8
Miix2 – 10
Miix2 – 11
S-Series:
S310
S410
S415; S415 Touch
S20-30, S20-30 Touch
S40-70
U-Series:
U330P
U430P
U330Touch
U430Touch
U540Touch
Y-Series:
Y430P
Y40-70
Y50-70
Yoga-Series:
Yoga2-11BTM
Yoga2-11HSW
Yoga2-13
Yoga2Pro-13
Z-Series:
Z40-70
Z40-75
Z50-70
Z50-75
Acknowledgements:
None
Other information and references:
TBD