Over the last two weeks, I have had to explain to my superiors, clients and friends what Superfish is. Here's a clear-cut definition of Superfish:

Superfish adware installed on some Lenovo PCs installs a non-unique trusted root certification authority (CA) certificate, allowing an attacker to spoof HTTPS traffic.

What the heck does that mean?

Back in September 2014, Lenovo pre-installed Superfish VisualDiscovery spyware on some of their PCs. This software intercepts users' web traffic to provide targeted advertisements. In order to intercept encrypted (HTTPS) connections, the software installs a trusted root CA certificate for Superfish. All browser-based encrypted traffic to the Internet is intercepted, decrypted, and re-encrypted to the user's browser by the application – a classic man-in-the-middle attack. Because the certificates used by Superfish are signed by the CA installed by the software, the browser will not display any warning that the traffic is being tampered with. The root certificate is "non-unique": the same certificate, with the same private key, ships on every affected PC. Since that private key can easily be recovered from the Superfish software, an attacker can generate a certificate for any website that will be trusted by a system with the Superfish software installed. This means websites such as Facebook, Twitter, bank sites and email can be spoofed without a warning from the browser. Essentially, they are eavesdropping on your internet connection to the world, and that's a major no-no in my book.
Although Lenovo has stated that they have discontinued the practice of pre-installing Superfish VisualDiscovery, systems that came with the software already installed will continue to be vulnerable until corrective actions have been taken.

Superfish uses a vulnerable SSL decryption library by Komodia. Other applications that use the library may be similarly affected. Please refer to CERT Vulnerability Note VU#529496 for more details and updates.

To remove Superfish, uninstall Superfish VisualDiscovery. Lenovo has provided a tool to uninstall Superfish and remove all associated certificates. It is also necessary to remove the affected root CA certificates: simply uninstalling the software does not remove the certificate. Microsoft provides guidance on deleting and managing certificates in the Windows certificate store. In the case of Superfish VisualDiscovery, the offending trusted root certification authority certificate is issued to "Superfish, Inc." Mozilla provides similar guidance for their software, including the Firefox and Thunderbird certificate stores, which are separate from the Windows store and must be checked on their own.
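For readers who want to confirm a machine is clean after running Lenovo's tool (or who uninstalled the software by hand), here is an added PowerShell check. It is example code written for this post, not Lenovo's tool or anything from CERT or Microsoft: it walks the machine-wide and per-user trusted root stores through PowerShell's built-in Cert: drive and reports any root certificate whose subject or issuer mentions Superfish, matching on the "Superfish, Inc." name given above. The wildcard pattern and the -Remove switch are my own choices; removal from the LocalMachine store needs an elevated session.

```powershell
# Added example (not from the original post, Lenovo, CERT or Microsoft):
# list trusted root CA certificates issued to "Superfish, Inc." and,
# only when asked, remove them from the Windows root stores.
# Assumptions: Windows PowerShell 5.1 or later with the Cert: provider;
# deleting from Cert:\LocalMachine\Root requires an Administrator session.

param(
    # Report-only by default; pass -Remove to delete the matches.
    [switch]$Remove
)

# A rogue root can sit in either the machine store or the current user's store,
# so both are checked.
$stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

# Match on the subject named in the post. The wildcard is an assumption made
# for matching convenience, not a published indicator.
$pattern = '*Superfish*'

$hits = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -like $pattern -or $_.Issuer -like $pattern } |
        Select-Object @{ Name = 'Store'; Expression = { $store } },
                      Subject, Issuer, Thumbprint, NotAfter
}

if (-not $hits) {
    Write-Output 'No Superfish root certificate found in the Windows root stores.'
    return
}

# Show what was found, including the thumbprint, so it can be recorded before removal.
$hits | Format-Table -AutoSize

if ($Remove) {
    foreach ($hit in $hits) {
        # Items in the Cert: drive are addressed as <store>\<thumbprint>.
        $certPath = Join-Path -Path $hit.Store -ChildPath $hit.Thumbprint
        Write-Output "Removing $($hit.Subject) ($($hit.Thumbprint)) from $($hit.Store)"
        Remove-Item -Path $certPath
    }
}
else {
    Write-Output 'Run again with -Remove (as Administrator) to delete the certificates listed above.'
}
```

Save it as a .ps1 and run it once without -Remove to see what is present; a clean machine prints the "No Superfish root certificate found" line. Because Firefox and Thunderbird keep their own certificate databases, an empty result here says nothing about those stores, which still need to be checked following Mozilla's guidance.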