How bad is the "Superfish" adware on Lenovo PCs?



The adware "VisualDiscovery" (common name: Superfish) found on Lenovo PCs has come up in the support forum, and it has turned out that Superfish is not merely adware but an extraordinary security hole that could let a malicious attacker do anything they wanted.

Lenovo Turns Off Superfish PC Adware Following Customer Complaints - Personal Tech News - WSJ
http://blogs.wsj.com/personal-technology/2015/02/19/lenovo-turns-off-superfish-pc-adware-following-customer-complaints/

You can understand the origin of the Superfish problem by looking at the following article.

Risk that software preinstalled on Lenovo PCs becomes a hotbed for cyber attacks - GIGAZINE


The ostensible purpose of Superfish is to rewrite HTML without the user's permission and insert JavaScript that displays advertisements, which makes it so-called adware. However, the method Superfish uses to display advertisements is to forge, without permission, the Certificate Authority (CA) that is used to secure SSL communication, and this is a serious security hole.

Example of an advertisement displayed by Superfish as "Visual Search results"


Generally, in SSL communication, the server being accessed sends the web browser a certificate certified by a CA. The browser checks it against the root certificate list, which is a list of trusted CAs, and allows access only when it can judge that the communication is secure. Superfish, however, takes over the communication in which the server sends its CA-certified certificate and instead sends a certificate signed by a forged CA (hereinafter referred to as "Superfish CA"). An ordinary PC would reject the unknown Superfish CA and judge that the communication is not safe, but Lenovo PCs with Superfish preinstalled were shipped with a setting that says "recognize Superfish CA as a trusted CA".

Therefore, a certificate authenticated by Superfish CA, for which communication should in principle be refused, is accepted without restriction, and the encryption itself is undone at this point. In other words, Superfish can interpose itself in the encryption between the browser and the server.

Encryption in SSL communication rests on three assumptions: "the browser holds the root certificates of trusted CAs", "the CA's signing key (secret key) is kept secret", and "the server keeps its secret key secret". On Lenovo PCs, however, Superfish makes the browser mistakenly trust a CA that should not be trusted and undoes the encryption, so the security of SSL communication is not ensured at all.

Superfish's "signature" and its mechanism are illustrated very clearly on the following site.

Why Superfish is dangerous - Female Ake
http://d.hatena.ne.jp/nekoruri/20150220/superfish


Even worse, Superfish keeps the CA's signing key (secret key) inside the Superfish program, and the same Superfish certificate and Superfish CA are reused in common all over the world. In other words, by retrieving the secret key of Superfish CA from the Superfish installed on a Lenovo PC, a malicious attacker is able to mount attacks.

An example of successful retrieval of the Superfish CA private key has already appeared.

Errata Security: Extracting the SuperFish certificate
http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html


It became clear that Superfish goes beyond adware and is an outrageous security hole, and the uproar grew to the point that theories appeared asking "Has Lenovo planted a backdoor?". On February 19, 2015, CEO Peter Hortensius of Lenovo told the Wall Street Journal, "We did not evaluate sufficiently at the time of pre-installing Superfish, but we do not think that Superfish has damaged users at the moment." Although he says no damage has been done, the policy is to release Lenovo's official Superfish removal tool in a day or two.

Lenovo also released an official statement on the Superfish problem. According to it, "Superfish was preinstalled on Windows notebook PCs shipped between September and December 2014, but preinstallation was stopped in January 2015". However, contrary to Lenovo's official statement, it has been pointed out that Superfish was pre-installed from at least June 2014.

Lenovo Newsroom | LENOVO STATEMENT ON SUPERFISH
http://news.lenovo.com/article_display.cfm?article_id=1929

In addition, the list of PC models on which Lenovo announced Superfish was pre-installed is as follows.

Superfish may have appeared on these models:
G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45
U Series: U330P, U430P, U330Touch, U430Touch, U530Touch
Y Series: Y430P, Y40-70, Y50-70
Z Series: Z40-75, Z50-75, Z40-70, Z50-70
S Series: S310, S410, S40-70, S415, S415Touch, S20-30, S20-30Touch
Flex Series: Flex 2 14D, Flex 2 15D, Flex 2 14, Flex 2 15, Flex 2 14 (BTM), Flex 2 15 (BTM), Flex 10
MIIX Series: MIIX 2-8, MIIX 2-10, MIIX 2-11
YOGA Series: YOGA 2 PRO-13, YOGA 2-13, YOGA 2-11 BTM, YOGA 2-11 HSW
E Series: E10-30

As already reported in the earlier GIGAZINE article mentioned above, Lenovo officially explains how to uninstall VisualDiscovery (Superfish), but with that method the root certificate of Superfish CA registered in the browser is not deleted, so the risk of being attacked remains. The procedure for deleting Superfish CA is as follows.

First, check whether Superfish CA is installed on the Lenovo PC. Access the following site with Chrome and IE; you are safe if it says "Good, Superfish is probably not intercepting your connections."

Check if you trust the Superfish CA
https://filippo.io/Badfish/


However, if "YES" is displayed, there is a high possibility that VisualDiscovery or Superfish CA is installed, so proceed promptly to the uninstallation work.


· Uninstall VisualDiscovery
Go to "Control Panel" → "Programs and Features" → "Uninstall a program", select "Superfish Inc. Visual Discovery" from the list, right click and click "Uninstall".


· Delete Superfish CA
Enter "certmgr.msc" in the "Search programs and files" box, right-click the "certmgr.msc" icon that appears in the search results, and click "Run as administrator".


Click "Trusted Root Certification Authorities" → "Certificates", and if you find "Superfish, Inc.", right-click it and click "Delete" to finish.
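
The same certificate check can be scripted instead of clicked through in certmgr.msc. The following is an added example, not part of the original article and not Lenovo's removal tool; the function name `Find-SuspectRootCa` is hypothetical, and matching on the text "Superfish" is an assumption based on the "Superfish, Inc." entry described above.

```powershell
# Added example (not Lenovo's removal tool). Find-SuspectRootCa is a
# hypothetical helper name; matching on the text "Superfish" is an assumption
# based on the "Superfish, Inc." entry the article says appears in certmgr.msc.
function Find-SuspectRootCa {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [string]$NamePattern = '*Superfish*',
        [switch]$Remove   # without this switch the function only reports
    )

    # Trusted root stores for the machine and for the current user.
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

    foreach ($store in $stores) {
        $hits = Get-ChildItem -Path $store |
            Where-Object { $_.Subject -like $NamePattern -or $_.Issuer -like $NamePattern }

        foreach ($cert in $hits) {
            # Report what was found so it can be recorded before deletion.
            [pscustomobject]@{
                Store      = $store
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
            }

            # Deleting from LocalMachine needs an elevated prompt; ShouldProcess
            # asks for confirmation and also honours -WhatIf.
            if ($Remove -and $PSCmdlet.ShouldProcess($cert.PSPath, 'Delete trusted root certificate')) {
                Remove-Item -LiteralPath $cert.PSPath
            }
        }
    }
}

# Report only:
$found = @(Find-SuspectRootCa)
if ($found.Count -eq 0) {
    'No root certificate matching the pattern is trusted on this PC.'
} else {
    $found | Format-List
    # To delete after reviewing the list: Find-SuspectRootCa -Remove
}
```

After a deletion, revisit the check site listed above in Chrome and IE to confirm that the browser no longer trusts Superfish CA.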


◆ Addendum, February 21, 2015
Lenovo has officially released a Superfish uninstall tool. "By downloading and running the automatic deletion tool, you can completely delete Superfish applications and certificates."

How to uninstall Superfish - Lenovo Support (JP)
http://support.lenovo.com/jp/ja/documents/ht102634

in Software, Posted by darkhorse_log