How to Protect Yourself from Lenovo's Superfish

Lenovo has been all over the news recently and for all the wrong reasons. Tech Talker explains the Lenovo security debacle, what it means for you, and how to protect yourself in the future.

Eric Escobar,
March 5, 2015
Episode #163

This week, I’m going to discuss the latest security debacle surrounding computers sold by Lenovo. Even if you don’t own a Lenovo, these are valuable lessons to learn.

In the past few weeks, Lenovo has gained a lot of negative attention for their role in distributing a piece of software that comes preinstalled on their brand of laptops. The software in question, called Superfish, tracks every one of your online sessions in order to control what advertisements are displayed in your browser.

That sounds pretty bad in itself, right? You buy a brand new laptop and Lenovo fills it with software, also known as “bloatware” or “adware,” that’s designed to load you with advertisements. This type of software directly affects the performance and user experience of your new expensive piece of equipment.

So if it’s just junk software that slows your computer down, why do they include it?

Well that’s easy—money! Software companies will pay computer manufacturers, such as Lenovo, a lot of money to automatically install their software on their computers. This could lead to a much larger market share, more ad revenue, and better brand recognition.

Companies like Lenovo realize that adding this type of software won’t drastically reduce the number of people who buy their computers. The result: consumers like you and me get a subpar experience with slow computers filled with ads.

But this can’t just be about Lenovo putting junk software on brand new computers. That’s not very newsworthy, is it?

What Is a Root Certificate?

Well, that junk software also installed a root certificate on each computer. If that sounds more like a gardening term than anything to do with computers, here’s a quick and dirty explanation:

Root certificates are what your computer uses to verify who it is talking to when it sends secure communications over the internet. For example, when you visit your banking website, email, Facebook, YouTube, Twitter (really any website you have to log in to), your communications are automatically encrypted between that website and your computer. This prevents someone on your network from snooping on what you’re doing.

That is a huge oversimplification of how secure communications are transmitted, but there’s an important takeaway. Essentially, if someone has a root certificate, or controls a root certificate on your computer, they can intercept pretty much any internet communication you have.

That sounds crazy, right? Why would one certificate have so much power? Well, that’s why it’s called a root certificate. Root certificates are the highest level certificates on any computer. Anyone with the password to a root certificate can decrypt any of your traffic, as long as they are on the same network as you or can intercept your communications.
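
A root certificate only has this power because it sits in your computer's list of trusted roots, so the defensive habit is to look at that list. The PowerShell script below is an added example, not part of the original episode; it only reads the Windows root stores, and the watch-list name and the private-key check are assumptions chosen for illustration.

```powershell
# Added example: read-only audit of the Windows trusted root stores.
# $WatchList is an assumption: it matches on the product name used in the article.
$WatchList = @('Superfish')
$Stores    = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

function Get-RootStoreReport {
    param(
        [string[]]$Paths,
        [string[]]$Names
    )
    foreach ($path in $Paths) {
        foreach ($cert in Get-ChildItem -Path $path) {
            # Compare subject and issuer against each watch-list name.
            $hits = @($Names | Where-Object {
                $cert.Subject -like "*$_*" -or $cert.Issuer -like "*$_*"
            })
            [pscustomobject]@{
                Store         = $path
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                Expires       = $cert.NotAfter
                # A trusted root whose private key is also stored on this PC
                # lets local software sign certificates for any website.
                HasPrivateKey = $cert.HasPrivateKey
                WatchListHit  = ($hits.Count -gt 0)
            }
        }
    }
}

$report  = @(Get-RootStoreReport -Paths $Stores -Names $WatchList)
$flagged = @($report | Where-Object { $_.WatchListHit -or $_.HasPrivateKey })

Write-Output ("Trusted roots found: {0}" -f $report.Count)
if ($flagged.Count -gt 0) {
    Write-Output "Roots worth a closer look:"
    $flagged | Format-List Store, Subject, Thumbprint, Expires, HasPrivateKey, WatchListHit
} else {
    Write-Output "No watch-list names and no roots with a local private key."
}
```

A flagged entry is a prompt to find out which program installed it, not proof of a problem; some legitimate tools also add their own roots.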

So what's the problem with Lenovo's computers?

