Superfish spyware not limited to Lenovo laptops
The pernicious spying software which was bundled with Lenovo's laptops is powered by a tool which is likely present on millions more PCs around the world.
Superfish, a piece of software that was pre-loaded on Lenovo laptops toward the end of 2014, is designed to inject third-party ads into Google searches. It has been shown to be much more insidious by installing a self-signing certificate on each system, allowing it to spy on encrypted online communications, including email and banking transactions.
The technology underpinning this action is known as an SSL Digestor and comes from a company called Komodia. In the last 24 hours, since the controversy surrounding Superfish was reported on multiple news outlets, the website of Israeli company Komodia has been knocked offline following a distributed denial of service attack by an unknown party.
In the last 24 hours, researchers have also discovered that the Komodia technology which allowed the Superfish application to monitor what were meant to be private conversations online, is being used much more widely and is present on millions of more PCs.
According to security researcher Marc Rogers, Komodia uses the same framework for many products including parental control software made by Qustodio and Komodia's own Keep My Family Secure parental control software which promises to protect children when surfing online.
Rogers says that the password used to protect the encryption certificates is always "komodia" and the certificates themselves are "always weak" and that the private key is always bundled with them - which is not a very clever idea.
Encryption key
It means that hackers looking to attack someone with this software installed could easily extract the encryption key and use it against the victims to steal personal information and intercept online communications.
"I think that at this point it is safe to assume that any SSL interception product sold by Komodia or based on the Komodia SDK is going to be using the same method," Rogers says.
So what does this actually mean?
It means that the problem is not limited to the Lenovo laptops sold between October and December 2014 which had Superfish pre-installed. "It means that anyone who has come into contact with a Komodia product, or who has had some sort of Parental Control software installed on their computer should probably check to see if they are affected," Rogers said.
If you think you might be affected, there is any easy way to check if your system is vulnerable. Just visit this website and if you see a Yes, then it might be time to consider removing the offending piece of software.
Lenovo initially responded to the media reports by saying "it did not find any evidence to substantiate security concerns" but in the the last 24 hours it has removed this line from its official statement as it scrambles to properly address the issue which has been strongly criticised by security experts the world over.
© Copyright IBTimes 2024. All rights reserved.