
Lenovo installs adware on customer laptops and compromises ALL SSL.


21 replies to this topic

#1 Nuno Brito

Nuno Brito

    Platinum Member

  • Team Reboot
  • 10452 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 19 February 2015 - 12:21 PM

Interesting to note that even SSL comes blatantly forged nowadays:

A pretty shocking thing came to light this evening – Lenovo is installing adware that uses a “man-in-the-middle” attack to break secure connections on affected laptops in order to access sensitive data and inject advertising. As if that wasn’t bad enough they installed a weak certificate into the system in a way that means affected users cannot trust any secure connections they make – TO ANY SITE.

http://marcrogers.or...omises-all-ssl/

 

Another reason to distrust the operating system provided by the manufacturer. Just too bad that even hard-drives seem to come infected since 2001. :(



#2 Nuno Brito


Posted 20 February 2015 - 08:30 AM

They're coming forth with an apology and removal instructions:

We're sorry. We messed up. We're owning it. And we're making sure it never happens again. Fully uninstall Superfish: http://lnv.gy/182BW8g 

 

https://twitter.com/...578319681257472

 

http://support.lenov...rfish_uninstall



#3 TheHive

TheHive

    Platinum Member

  • .script developer
  • 4138 posts

Posted 21 February 2015 - 10:19 AM

Things like this make buyers wary about companies you think you can trust.

Similar to Sony rootkit fiasco (Sony BMG copy protection rootkit scandal)

They lost a lot of customers then.



#4 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 13745 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 21 February 2015 - 10:42 AM

Once you open a can of worms, it is EXTREMELY difficult to get them back inside .... :w00t: :ph34r:

http://marcrogers.or...are-everywhere/

 

The good Lenovo guys, in their stupidity, added the stupid Superfish, but the good Superfish guys, in their own stupidity, were not alone.

The root of all evil incompetence seems to belong seemingly to Komodia, and the first list (surely going to become longer) of apps/tools found to use that SDK (or *whatever*) is IMHO if not downright preoccupying, at least perplexing:

 

 

  1. Komodia’s “Keep My Family Secure” parental control software.
  2. Qustodio’s parental control software
  3. Kurupira Webfilter
  4. Staffcop (version 5.6 and 5.8)
  5. Easy hide IP Classic
  6. Lavasoft Ad-aware Web Companion
  7. Hide-my-ip (note: this package does not appear to utilize the SSL MITM, and the certificate is slightly different from the one found in other packages however it still utilizes an unrestricted root certificate with a simple plaintext password).

 

 

 

Details on the findings of tracing the source back to Komodia are here:

http://blog.erratase...ertificate.html

 

 

:duff:

Wonko



#5 Nuno Brito


Posted 21 February 2015 - 01:00 PM

Yep, very true.
 
What is more troubling is the news brought to the surface that hundreds of millions of cellphones had their communications hijacked through the direct theft of private keys from employees working at communication companies. Here is the scoop from what was released this week: https://firstlook.or...reat-sim-heist/

I mean, North Korea with their notoriously impressive computer skills allegedly stole a film from Sony (a private company) and what we see on the news everywhere is a call to put more sanctions on the country. While now we have factual evidence that all western countries had their communications stolen by opaque security groups and no sanctions take place upon those who committed these privacy violations, nor do you see the media news talking about this issue as a big problem.

 
 

It is a pity that we are led to worry about a leaked movie from a private company while our own rights to privacy or security are taken away in the public light without opposition. Even SSL doesn't seem to be minimally respected any longer, just to deliver (yet) more advertisements.

 




#6 Wonko the Sane


Posted 21 February 2015 - 02:33 PM

Well, to be fair to the good North Korea guys that allegedly stole it, not that the movie was particularly meaningful or even in any way remotely contributing to the education or evolution of humankind, with a cultural value rating between -124 and -87 :w00t: :ph34r:

At least according to the reports it seems like it was a worthless example of bad taste entangled with some B-Movie splatter failed attempt at political satire.

 

I believe that there are other - likely better - reasons for North Korea to be subject of further sanctions.

 

And as well there are reasons (which may well be debated) as to why "opaque security groups" snooped on our communications, but anyhow those two episodes are IMHO - like it or not - part of the "game", and everyone - except maybe for the Authors and Director of the mentioned movie - seems to me to be, while *perverted* in scope as much as you like it, "competent" in the *whatever* is at hand.

 

Komodia (probably having outsourced to Elbonian programmers ;)) selling that huge pile of sh*t and firms/software/hardware makers actually buying it (and people buying the products that these mindless jerks provide) are a different issue, not about "evil", but about "incompetence" or "stupidity".

 

While Robert Graham (as often happens with people that tend to know where their towel is) in the mentioned article:

http://blog.erratase...ertificate.html

maybe makes the finding and decrypting of the "komodia" password so "easy-peasy" that it appears as something that every kid can do on a rainy Sunday afternoon as an alternative to the Playstation or TV, surely it is not "rocket science" or "brain surgery" and at the very least the potential issue should have been identified immediately by Lenovo or by any of the mentioned software vendors IF *any* kind of check/control had been carried out on the thingy.

 

Humanity is doomed anyway :(, but seemingly it is not doomed because people are evil, it is more likely that the judgment day will soon come because people (particularly in "key" roles/positions) are incompetent. :frusty:

 

:duff:

Wonko


  • Nuno Brito likes this

#7 Zoso

Zoso

    Silver Member

  • Advanced user
  • 640 posts
  •  
    Isle of Man

Posted 21 February 2015 - 06:00 PM

so they can run ads? yeah sure, that's it.. sadly most will believe this.


Humanity is doomed anyway :(, but seemingly it is not doomed because people are evil, it is more likely that the judgment day will soon come because people (particularly in "key" roles/positions) are incompetent. :frusty:
Wonko


many of us are easily manipulated (led to believe) I no longer "believe" as you and most others do.

humanity is in a struggle for its life alright and we have been incorporated (presumed dead) but until we each figure out who/what/how/why that is, we will be powerless to rebut that presumption.

corporations are not I AM

#8 Blackcrack

Blackcrack

    Frequent Member

  • Advanced user
  • 321 posts
  •  
    Germany

Posted 21 February 2015 - 07:49 PM

ehh, there, the support page for uninstalling this crap:

 

http://support.lenov...rfish_uninstall

 

best regards

Blacky



#9 Nuno Brito


Posted 21 February 2015 - 09:39 PM

Compared to Computrace, what Superfish does is small fish. Read this article from last week:

We have contacted Absolute Computrace technical support service and provided serial numbers of hardware that had suspicious installation of Computrace Agents. The technical support assistant reported that those serial numbers were not in their database. We believe this means Computrace was not activated in the normal way. How it was activated, why and by whom remains a mystery.

http://securelist.co...race-revisited/

 

Basically, the BIOS comes packed with a rootkit that installs itself and "pings" a remote server to receive further instructions/updates. The whole process is opaque like a typical malware procedure would be. This is not limited to Lenovo, look at the number of laptops from different manufacturers containing the said software:

[Image: absolutecomputrace_15s1.png]

And for this particular problem, no uninstall guide is provided, unless you manage to re-flash your BIOS, but with no guarantee that there are no further rootkits inside, because the whole thing is closed-source.



#10 Blackcrack


Posted 22 February 2015 - 06:16 AM

Hmm... on bjoernvold we speak about some spy problems. It's maybe, perhaps, wanted/desirable: in one part, to know how many notebooks run, and in another part for updates (like on Androids, the update routine), and in a completely different part maybe different spy facilities from different lands .. and then on the other hand blackhats, or other hackers who want the notebooks to be infected .. where a lot of money goes to software engineers who create some BIOSes or software with back doors and other nasties built in ..

If we start thinking about it, we can never stop, because around the world there are so many different facets of creativity .. you know .. thinking about it goes up to infinity and further .. the only way to get more safety is to save yourself, or not think about it .. and live with it, because, if it does not harm you ... it's like the animals' bloodsuckers and other parasites, it exists and maybe makes you a bit stronger, but exempt, liberated, you will never be, because it's like the germs and others .. viruses .. in the world now .. there in the net and on all the computers in the world ...

You can only clean up yourself ... in one way or another .. you see .. or help on a computer system like ReactOS or OpenMandriva, to have a system which you can really control and manage by yourself ..

 

best regards

Blacky

 

and yes, Mandrake/Mandriva, now OpenMandriva, is back in the community now (for more than 3 years); we need helping hands, like in ReactOS ...



#11 Wonko the Sane


Posted 22 February 2015 - 11:43 AM

@Nuno

Yep.

 

Just in case:

http://corelabs.core...ate_the_Rootkit

http://sourceforge.n...lojack-checker/

http://phrozenblog.com/?p=744

 

:duff:

Wonko


  • Nuno Brito likes this

#12 Blackcrack


Posted 23 February 2015 - 06:12 PM

humm...
Superfish-like Vulnerability Found in Over 12 More Apps

 
 
Why does it not surprise me?!
 
best regards
Blacky


  • Nuno Brito likes this

#13 Nuno Brito


Posted 24 February 2015 - 09:59 PM

Lenovo is getting a lawsuit over this matter. Reports the series of laptops that were infected:

The lawsuit was filed after Lenovo admitted to pre-loading Superfish on some consumer PCs. The laptops affected by Superfish include non-ThinkPad models such as G Series, U Series, Y Series, Z Series, S Series, Flex, Miix, Yoga and E Series.

 

http://www.pcworld.c...fish-snafu.html

 

I have a Lenovo U series. However, the OEM operating system that was pre-installed didn't last 24 hours until replaced, so I can't complain.



#14 Wonko the Sane


Posted 25 February 2015 - 06:40 PM

...and it's growing, with some added tidbits:

http://www.computerw...ts-in-hand.html

 

Drawing a line between Superfish and Komodia ... :dubbio:

 

:duff:

Wonko


  • Nuno Brito likes this

#15 Blackcrack


Posted 26 February 2015 - 12:03 PM

Uppsss : Lenovo Website has been Hacked

 

 

kiddies, please, stop the nonsense! *hihihi*

 

best regards

Blacky



#16 Wonko the Sane


Posted 26 February 2015 - 12:23 PM

And here is the interesting way how a new, nice, CATCH22 situation can be created in Windows 8/8.x:
http://arstechnica.c...if-youre-lucky/
 
Windows Defender now removes (for Internet Explorer ONLY) the Superfish/Komodia malware, but it won't do so on systems where another antimalware/antivirus is installed, and since the good guys at Lenovo also pre-install some antimalware trial, it is likely that the people that could actually make use of the newly added feature won't. :frusty:
As it is concluded in the given article:

It's just another way that OEM preinstalled junkware hurts Windows users.

 
...and I am sure everyone can catch the irony that - set aside the Lenovo mess - the main carriers for the Komodia stuff are "parental control" or similar software i.e. programs aimed to protect the user....
 
... and the list is growing ....
https://gist.github....b77a90073be81d3
 
The Author of the above put it down rather well:
http://erack.org/blo...and-Idiocy.html
 

Lenovo Superfish Komodia — Greed, Stupidity and Idiocy

Meanwhile you should have heard about the Lenovo hardware that had Superfish installed, an adware injecting software that uses an SSL hijacker SDK made by Komodia. If not then duck it.

I'd classify that as a Maximum Credible Accident (MCA) which was only possible due to greed, stupidity and idiocy.

  • Greed – Lenovo was greedy enough to deploy Superfish on its hardware, probably just for a few bucks revenue more per machine.
  • Stupidity – Superfish was stupid enough to use the Komodia SSL hijacker, just to be able to inject ads into https connections. Hopefully without knowing what they were doing, else it would have been double stupid stupidity. However, and of course they are greedy as well, because all ad sellers are.
  • Idiocy – Komodia was idiotic enough to implement an SSL hijacker SDK and embed a root CA certificate in the software using it and, as super idiocy, chose "komodia" as all private keys' password, making the certificate available to anyone and grandpa.

 
:duff:
Wonko


  • Nuno Brito likes this

#17 erwan.l

erwan.l

    Gold Member

  • Developer
  • 1974 posts
  • Location:Nantes - France
  •  
    France

Posted 26 February 2015 - 06:38 PM

The worst thing to me is that within a month, everyone will have forgotten this Lenovo story just like any previous personal violation.

We are already in Idiocracy: "a uniformly unthinking society devoid of intellectual curiosity, social responsibility, and coherent notions of justice and human rights".

And it is not even Friday yet :)


  • Nuno Brito and Blackcrack like this

#18 Blackcrack


Posted 26 February 2015 - 07:14 PM

The worst thing to me is that within a month, everyone will have forgotten this Lenovo story just like any previous personal violation.

We are already in Idiocracy: "a uniformly unthinking society devoid of intellectual curiosity, social responsibility, and coherent notions of justice and human rights".

And it is not even Friday yet :)

ehh yes, and everybody has his Facebook account (not me) and is a Google junkie (also not me), but in a week we will all have forgotten and give our likes to Lenovo again. You're right, this is also the reason why they can do anything with us as a money machine and so on .. they follow the mainstream and are like fishes in the big stream .. all swim in the same direction .. and if a bear comes .. oh, it's only them .. and not me .. you see .. I see and give you a like ;)

 

best regards

Blacky



#19 Nuno Brito


Posted 28 February 2015 - 07:31 PM

btw: Now we seem to have a significant number of home-routers with a hard-coded user and password: http://blog.ensolnep...outer_backdoor/


  • Blackcrack likes this

#20 Zoso


Posted 28 February 2015 - 10:36 PM

hi Nuno, thanks for that. it's been around since at least 2006

http://www.linksysin...-exposed.16773/

next time I dig into DD-WRT firmware I will look for it.

if systems go online, the router is frontline. security starts here. OEM firmware should always be suspect!
  • Nuno Brito likes this

#21 Blackcrack


Posted 01 March 2015 - 07:54 AM

*g* oh damn Nuno, i has forget the y by German(y) *g*

best regards

Bl...acky


  • Nuno Brito likes this

#22 Nuno Brito


Posted 01 March 2015 - 11:14 AM

next time I dig into DD-WRT firmware I will look for it.

 

Ok, I'd have interest in knowing the result from this check. Common sense would dictate that normal folks should be informed when their home networks are wide-open to anyone wandering next to their houses.

 

*g* oh damn Nuno, i has forget the y by German(y) *g*

best regards

Bl...acky

 

No worries, my friend.

 

:cheers:


  • Blackcrack likes this



