Lenovo have been criticised for selling laptops preinstalled with Superfish – a program designed to help users find cheaper online products. But Superfish’s adware is not just irritating: it is extremely dangerous.
As Superfish works by breaking encrypted connections to analyse visited websites, it creates a ‘back-door’ into the computer – meaning hackers can go after your computer through Superfish rather than the individual websites.
“It’s the same root CA private-key for every computer”, Robert Graham of Errata Security told Forbes Magazine on Thursday. “This means hackers at your local cafe Wi-Fi hotspot, or the NSA eavesdropping on the internet, can use that private-key to likewise intercept all SSL connections from Superfish users.”
This isn’t the first time Superfish has come under fire since its inception in 2006. The technology used by Superfish, SSL Digestor, was developed by a company named Komodia. Its founder, Barak Weichselbaum, was also part of the surveillance industrial complex in Israel, having carried out “military service as a programmer in the IDF’s Intelligence Core.” An ex-intelligence officer forcing encryption-breaking ads onto computers has raised eyebrows in the past, with the SSL Digestor technology present in other programs such as Windows Shopper.
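A defender's check for the interception root described above, as an added example that is not part of the original article: it scans the CA certificates Python loads from the operating system's trust store for entries naming Superfish or Komodia. Matching on those two names is a heuristic assumed here, and the sample entries are constructed, not real certificates.

```python
import ssl

# Names taken from the article; matching on a name is a heuristic
# (assumption), not a fingerprint comparison.
WATCHLIST = ("superfish", "komodia")

def flatten_name(name):
    """Turn the ssl module's nested RDN tuples into {attribute: [values]}."""
    flat = {}
    for rdn in name:
        for attr, value in rdn:
            flat.setdefault(attr, []).append(value)
    return flat

def find_suspect_roots(ca_certs, watchlist=WATCHLIST):
    """Return trusted CA entries whose subject or issuer mentions a watched name.

    ca_certs uses the dict format returned by ssl.SSLContext.get_ca_certs().
    """
    hits = []
    for cert in ca_certs:
        subject = flatten_name(cert.get("subject", ()))
        issuer = flatten_name(cert.get("issuer", ()))
        values = [v for d in (subject, issuer) for vals in d.values() for v in vals]
        text = " ".join(values).lower()
        matched = [w for w in watchlist if w in text]
        if matched:
            hits.append({
                "common_name": ", ".join(subject.get("commonName", ["?"])),
                "self_signed": cert.get("subject") == cert.get("issuer"),
                "serial": cert.get("serialNumber"),
                "matched": matched,
            })
    return hits

def audit_local_trust_store():
    """Scan the CA certificates loaded from the OS default trust store."""
    return find_suspect_roots(ssl.create_default_context().get_ca_certs())

# Constructed sample entries in get_ca_certs() format (not real certificates).
_BAD = ((("organizationName", "Superfish, Inc."),), (("commonName", "Superfish, Inc."),))
_OK = ((("organizationName", "Example Trust"),), (("commonName", "Example Root CA"),))
SAMPLE = [
    {"subject": _OK, "issuer": _OK, "serialNumber": "01"},
    {"subject": _BAD, "issuer": _BAD, "serialNumber": "02"},
]

if __name__ == "__main__":
    for hit in audit_local_trust_store():
        print("Suspect trusted root:", hit)
```

On systems whose trust store is a certificate directory rather than a single bundle, `get_ca_certs()` lists only certificates already loaded, so an empty result there is not proof of absence. Applications that keep their own certificate store are not covered by this check.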