Last week, a Lenovo customer filed a class-action lawsuit against the Chinese technology manufacturing company and its Superfish adware, charging both with having invaded customers’ privacy and made money off of analyzing their web browsing habits.

In her lawsuit, plaintiff Jessica N. Bennet of California states that she traced a number of spam advertisements posted on a client’s website to the Superfish adware installed on her Yoga 2 laptop, which she used to write a blog post for that client. The court documents also assert that Bennet’s computer slowed as a result of Superfish using up Internet bandwidth and internal memory resources. Lenovo has yet to comment on the lawsuit.

Late last week, news first broke about the Superfish malware, which uses man-in-the-middle (MitM) attacks to break web security protocols and inject third-party advertisements into users’ web browsers without their permission. Besides violating customers’ privacy, as Bennet and others allege, Superfish potentially allows hackers to compromise a customer’s sensitive information because none of the data they enter online is actually being protected.

“We trust our hardware manufacturers to build products that are secure,” commented hacker Marc Rogers in a blog post about the adware. “In this current climate of rising cybercrime, if you can’t trust your hardware manufacturer, you are in a very difficult position.”

At first, Lenovo attempted to defuse the situation by claiming that Superfish had been disabled and posed no real threat. This drew the ire of multiple voices in the software developer community, which ultimately led the manufacturing company to issue a tool that automatically removes Superfish from affected computers. Lenovo’s tool comes several days after Windows Defender and McAfee first released a set of updates that allow users to remove the adware.

But the Superfish cleanup might not be as simple as using a single tool. Over the weekend, security researchers discovered that the malware uses a software development kit (SDK) produced by Komodia for its HTTPS interception functionality. This SDK has been integrated into other software programs, which all intercept traffic in the same way as Superfish.

The CERT Coordination Center (CERT/CC) has issued an advisory about the Komodia SDK issue as customers await an official response from Komodia, whose site is currently offline due to the high traffic it is receiving from worried customers and media outlets. With word from Komodia pending, any customers who fear they may be affected by the Superfish adware or Komodia’s SDK can refer to this resource here in the meantime.