Preloaded Superfish in Some Lenovo Laptops Raises Cyberattack Vulnerability

Image credit: Screenshot of official Lenovo website

Your Lenovo laptop could be exposing you to cyberattacks. This is why the United States government released an advisory to customers who have bought Lenovo laptops, urging them to remove pre-installed software that can compromise their security. The United States Department of Homeland Security wants to alert Lenovo laptop owners to one type of cyberattack that enables remote attackers to perform various illegal acts on Lenovo computers. The agency said that “systems that came with the software already installed will continue to be vulnerable until corrective actions have been taken.”


This pre-installed program is called Superfish. Although Lenovo laptops are China-made, the offending software is not from China. It is a program developed by an eponymous company based in California. According to Superfish CEO Adi Pinhas, the software supposedly helps users in finding more relevant results based on images of the products reviewed. Pinhas claims that the vulnerability was “inadvertently” introduced by Israel-based Komodia, which was responsible for developing the application.

The CEO of Komodia, Arak Weichselbaum, refused to give any comment about the vulnerability issue associated with Superfish. Nevertheless, Komodia’s website states that the company is indeed involved in the development of a “hijacker” that enables the viewing of data that have been encrypted using SSL technology.

According to Komodia’s website, “the hijacker uses Komodia’s redirector platform to allow you easy access to the data and the ability to modify, redirect, block, and record the data without triggering the target browser’s certification working.”

The Threat

Superfish makes users vulnerable to SSL spoofing. This means that remote attackers may be able to view encrypted web traffic that is supposed to be secure. Superfish also facilitates the redirection of traffic from official websites to spoof sites and the undertaking of other forms of attack.

According to Marc Rogers, a researcher at CloudFlare, devices with Superfish on them are prone to snooping. Usually, it would be the device manufacturer (Lenovo in this case) doing the snooping. This is not to say, however, that the manufacturer has criminal intentions; it may only be collecting some marketing information. Still, the possibility of building profiles of users and spying on their banking connections cannot be quickly disregarded.

The Lenovo Laptops Affected

When pressed for information, Lenovo refused to reveal the extent of the problem. The company is not keen on disclosing the number of laptops affected by Superfish. However, the company said that only machines shipped from September to December last year had been pre-loaded with Superfish.

According to Lenovo’s product security page, in a security advisory rated with “high” severity, the Superfish vulnerability affects the E-Series (E10-30), Flex-Series, G-Series, Lenovo Edge 15, Miix-Series, S-Series, Y-Series, Yoga-Series, and Z-Series. The ThinkPad, Lenovo Desktop, ThinkStation, ThinkCentre, ThinkServer, and System X products are not affected.

Lenovo describes the Superfish threat as the interception of HTTP(S) traffic using a self-signed root certificate. The company claims that the pre-loading of Superfish has already been stopped and that removal of the pre-load was started in January.

Superfish Removal

Removing Superfish can be done using an automatic removal tool, which can be downloaded from the Lenovo website. Those who prefer not to download anything and to do the removal manually can instead follow the procedure presented on the Lenovo website.

The process is relatively simple. It can be done through the “Add or Remove Programs” tool of a Lenovo device. The item to be removed is named “Superfish Inc. Visual Discovery.” If you can’t find this item on the list of programs installed, this means that it has not been pre-loaded on your device.

After removing “Superfish Inc. Visual Discovery,” you also have to remove the Superfish certificate installed on your device. The certificate is associated with the web browsers. To remove it, you need to go to the “Manage Computer Certificates” tool (you can quickly search for it using Search in Windows 8.1). The certificate to be removed is named “Superfish, Inc.”
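The same certificate check and removal can be scripted, which is useful when auditing more than one machine for the trusted root certificate described above. The following is an added example written for this article; it is not Lenovo’s removal tool and not code from Superfish or Komodia. It assumes Windows PowerShell 3.0 or later in an elevated (Administrator) session, and it identifies the certificate by matching “Superfish” in the subject field, based on the “Superfish, Inc.” name the article gives for the certificate entry.

```powershell
# Added example, not from the article or from Lenovo's removal tool.
# Searches the trusted-root stores for a certificate issued to "Superfish, Inc."
# and removes it. Assumes Windows PowerShell 3.0 or later in an elevated
# (Administrator) session; the LocalMachine store cannot be modified otherwise.

# Both the machine-wide and the per-user root stores are checked, since a root
# trusted in either one is honoured by Windows' certificate validation.
$rootStores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

# Detection: collect matching certificates without changing anything.
# The subject match on "*Superfish*" is an assumption based on the name the
# article reports for the certificate entry ("Superfish, Inc.").
$suspect = foreach ($store in $rootStores) {
    Get-ChildItem -Path $store | Where-Object { $_.Subject -like '*Superfish*' }
}

if (-not $suspect) {
    Write-Output 'No Superfish certificate is trusted as a root on this machine.'
    return
}

# Show what was found (which store, subject, thumbprint, expiry) before acting.
$suspect |
    Select-Object PSParentPath, Subject, Thumbprint, NotAfter |
    Format-Table -AutoSize

# Mitigation: remove each match. -WhatIf only previews the deletion;
# remove it to perform the deletion, then re-run the detection block to confirm.
foreach ($cert in $suspect) {
    Remove-Item -Path $cert.PSPath -WhatIf
}
```

Run the detection part first and review the output; the removal loop is left in preview mode (`-WhatIf`) so that nothing is deleted until the match has been confirmed. This covers only the Windows certificate stores that the “Manage Computer Certificates” tool edits; it does not replace uninstalling “Superfish Inc. Visual Discovery” through “Add or Remove Programs,” which the article describes as the first step.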

Image credit: Screenshot of official Lenovo website

As of 2014, Lenovo has the biggest share of the desktop and laptop computer market, closely followed by HP. Many are likely to be affected by the Superfish problem so it’s important to disseminate information about the threat and to encourage the prompt and proper removal of the pre-loaded Superfish program.