News

Same Tech Used in Lenovo Superfish Software found in Twelve Other Apps

The SSL-busting technology recently discovered to be pre-installed on Lenovo laptops has been found as part of another 12 pieces of software, including Trojan malware. The HTTPS-bypassing code, developed by Israeli company Komodia, was a part of the now-infamous Superfish software found on-board Lenovo laptops.

Matt Richard, threat researcher for the Facebook security team, revealed the extent of the code’s reach in a post on Friday, writing, “What all these applications have in common is that they make people less secure through their use of an easily obtained root CA [certificate authority], they provide little information about the risks of the technology, and in some cases they are difficult to remove.”

He continued,  “Furthermore, it is likely that these intercepting SSL proxies won’t keep up with the HTTPS features in browsers (e.g., certificate pinning and forward secrecy), meaning they could potentially expose private data to network attackers. Some of these deficiencies can be detected by antivirus products as malware or adware, though from our research, detection successes are sporadic.”

Even the developer Komodia calls one of its SDKs an “SSL hijacker”, so it’s no surprise that the code has found its way into malicious software. The malware, Trojan.Nurjax, was first discovered back in December. According to Symantec, the malware “hijacks the Web browser on the compromised computer and may download additional threats.”

Lenovo has apologised for inflicting the HTTPS-breaking code upon is customers and has released a program to aid removal of the Superfish software.

Source: Ars Technica

Ashley Allen

Disqus Comments Loading...

Recent Posts

AMD Krackan Processor with 6 Zen 5 and Zen 5c Cores for Budget AI Laptops Leaked

A new AMD processor in the form of an engineering model has been leaked in…

2 mins ago

SK Hynix Begins Production of First 321-Layer NAND Chips

SK Hynix has claimed to be the first company to mass-produce 321-layer NAND memory chips.…

15 mins ago

Trust Gaming GXT 609 Zoxa 2.0 PC Speakers

SOUNDS GREAT – Full stereo sound (12W peak power) gives your setup a booming audio…

4 hours ago

PowerA Wired Controller for Nintendo Switch

Special Edition Yoshi design Ergonomic controller shape with Nintendo Switch button layout Detachable 10ft (3m)…

5 hours ago

Logitech G Saitek PRO Flight Rudder Pedals

Fluid Motion: These flight rudder pedals are smooth and accurate that enable precise control over…

5 hours ago

Logitech G Saitek Farm Sim Controller

Heavy Equipment Bundle: Includes a steering wheel for heavy machinery, gas and brake pedals, and…

5 hours ago