Lenovo's PC products sold overseas are accused of including an advertising plug-in Superfish in the system. The application modifies the content of the Web page and inserts ads in a man-in-the-middle attack, while embedding a security CA certificate in the system that could be exploited by an attacker.
Lenovo has now admitted the application exists overseas and has introduced tools for uninstalling and removing security certificates.
Superfish uses a man-in-the-middle attack to hijack a user's network traffic and use a security certificate to allow it to still modify the target page under SSL to achieve the purpose of displaying the advertisement, which can expose the user's network silver and social network accounts to the threat of hacker attack.
The Superfish advertising plug-in, which was provided by its namesake company, said in an interview with the Next Web that the CA certificate was implanted only to provide search functionality (after falsification) to users on any Web site, while the mass exposure of the product was only "a security risk in the product being discovered". Lenovo admits to being cautious when choosing partners.
After the incident, the United States Government also came forward to call on users to remove the security risks as soon as possible Superfish plug-ins.
At the same time, Microsoft has updated Windows Defender, which is built into Windows 8 and above, so that users can use it to remove Superfish and their built-in certificates.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
