The SSL-busting technology recently discovered to be pre-installed on Lenovo laptops has been found as part of another 12 pieces of software, including Trojan malware. The HTTPS-bypassing code, developed by Israeli company Komodia, was a part of the now-infamous Superfish software found on-board Lenovo laptops.
Matt Richard, threat researcher for the Facebook security team, revealed the extent of the code’s reach in a post on Friday, writing, “What all these applications have in common is that they make people less secure through their use of an easily obtained root CA [certificate authority], they provide little information about the risks of the technology, and in some cases they are difficult to remove.”
He continued, “Furthermore, it is likely that these intercepting SSL proxies won’t keep up with the HTTPS features in browsers (e.g., certificate pinning and forward secrecy), meaning they could potentially expose private data to network attackers. Some of these deficiencies can be detected by antivirus products as malware or adware, though from our research, detection successes are sporadic.”
Even the developer Komodia calls one of its SDKs an “SSL hijacker”, so it’s no surprise that the code has found its way into malicious software. The malware, Trojan.Nurjax, was first discovered back in December. According to Symantec, the malware “hijacks the Web browser on the compromised computer and may download additional threats.”
Lenovo has apologised for inflicting the HTTPS-breaking code upon is customers and has released a program to aid removal of the Superfish software.
Source: Ars Technica
A new AMD processor in the form of an engineering model has been leaked in…
SK Hynix has claimed to be the first company to mass-produce 321-layer NAND memory chips.…
SOUNDS GREAT – Full stereo sound (12W peak power) gives your setup a booming audio…
Special Edition Yoshi design Ergonomic controller shape with Nintendo Switch button layout Detachable 10ft (3m)…
Fluid Motion: These flight rudder pedals are smooth and accurate that enable precise control over…
Heavy Equipment Bundle: Includes a steering wheel for heavy machinery, gas and brake pedals, and…