Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Lenovo and the Superfish fiasco...

Teddy Rogers
Teddy Rogers
in Network Security

Featured Replies

Posted

Lenovo and the Superfish fiasco...


 


Chinese PC manufacturer Lenovo made the news in a big way this week, but unfortunately these weren’t good news for anybody.

 


A little write up on the MITM attack...


 


https://blog.malwarebytes.org/privacy-2/2015/02/lenovo-and-the-superfish-fiasco/


 


And... Komodia/Superfish SSL Validation is broken


 


Ted.


I didn't understand it.


I uninstalled the software from Add/Remove programs features. Then I saw some article and I removed the Superfish certificate. What has happen or could happen ?


 


Thanks. PS: I'm so confused, also I'm running MalwareBytes and Windows Firewall.. 


Edited by NeWOT

I didn't understand it.

I uninstalled the software from Add/Remove programs features. Then I saw some article and I removed the Superfish certificate. What has happen or could happen ?

 

Thanks. PS: I'm so confused, also I'm running MalwareBytes and Windows Firewall.. 

MalwareBytes and Windows Firewall won't help you at all if the root certificate is still installed.

MalwareBytes and Windows Firewall won't help you at all if the root certificate is still installed.

But what happen or what could happen if I had it in my certificate?

On lenovo install it was something to accept T.O.S about their government something...

  • Author

In short someone could copy Komodia's security certificate very easily and instigate a MITM attack and you wouldn't even know there was a problem. Your "secure" connections to banks, merchant websites, etc. would be open for them to snoop on the contents of the traffic as if it had been sent in plain text. The big problem about this is that it is very easy to do.


 


I would recommend you ensure your machine is cleaned before connecting to unknown networks such as internet cafes, open WIFI connections, etc.


 


Apparently Windows Defender is now reporting this as a threat, that should tell you how bad it is!


 


Try this online test... https://filippo.io/Badfish/


 


Ted.


  • Author

You can read more about exploiting it here...


 



As discussed in my previous blogpost, it took about 3 hours to reverse engineer the Lenovo/Superfish certificate and crack the password. In this blog post, I described how I used that certificate in order to pwn victims using a rogue WiFi hotspot. This took me also about three hours.



 


http://blog.erratasec.com/2015/02/exploiting-superfish-certificate.html


 


Ted.


Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.