Lenovo Ships Superfish Adware Preinstalled On Systems
Lenovo is selling computers that come preinstalled with adware that hijacks encrypted Web sessions and may make users vulnerable to HTTPS man-in-the-middle attacks that are trivial for attackers to carry out, security researchers said.
Lenovo ships Superfish adware preinstalled on systems
In February 2015 I blogged about Lenovo's Superfish adware shipped with new systems (see Lenovo ships Superfish adware preinstalled on systems). A few weeks later we learned about Lenovo Service Engine (LSE), which I called Superfish reloaded II. Lenovo Service Engine (LSE) is a software, that allows the OEM to service a Windows installation on Lenovo machines. But this OEM software called Lenovo Service Engine (LSE) survives a fresh Windows install. The case has been discussed here at the arstechnica forum. User ge814 wrote:
Similar articles:Lenovo ships Superfish adware preinstalled on systemsDell's Superfish 2: Devices shipped with cloneable Root certificateUninstalling 'uninstallable' Windows UpdatesWindows 10 error 'Device not migrated'How to block Windows 10 updates
In 2015, there was an incident involving Lenovo PC which was shipped with a preinstalled image advertisement optimizer and it was developed by Superfish. Superfish is a form of adware that can hijack an encrypted Web sessions and open a system up to potential HTTPS man-in-the-middle (MiTM) attacks, which implies that ads will be there in encrypted files.