In an attempt to increase their computer sales associated income, Lenovo has installed into some of their sold computers an adware called Superfish. Problem: This tool is not only ads/publicity related intrusive (without warning for the user), it has also become a huge security issue. Be aware that Superfish owns a self-signed certificate. This certificate allows Superfish to spy on the users, things like every secured connection like the ones found in secure sites like Facebook or banking websites, as many user have reported. Superfish uses the same private key in every computer where it’s installed, thus a malicious person can easily track all traffic coming from Lenovo computers connected to a free wifi spot, without the users even noticing it.
The firsts complaints from costumers recorded are from September 2014. However since February 14th, 2015 this issue has surmounted to the next level as we now know how serious the security threat is.
According to them the computer models (sold until January 2015) probably affected by this issue are:
G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45
U Series: U330P, U430P, U330Touch, U430Touch, U530Touch
Y Series: Y430P, Y40-70, Y50-70
Z Series: Z40-75, Z50-75, Z40-70, Z50-70
S Series: S310, S410, S40-70, S415, S415Touch, S20-30, S20-30Touch
Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 14(BTM), Flex2 15(BTM), Flex 10 MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11
YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11BTM, YOGA2-11HSW
E Series: E10-30
Lenovo users may check if they are infected or not by Superfish by going to Lastpass, a web site specialized in passwords management.
Check for Superfish infection.
Once you know for sure your status you need to go further and actually remove it. Follow the guide shown below to make sure it’s gone for good.
View full solution