Lenovo users: Your machine has factory installed malware

Lenovo has admitted to installing the Superfish software on all Lenovo laptops it shipped to consumers over the last several months. The official Lenovo support page details the specific models affected by this here.

Extreme Tech has a step-by-step guide on how to remove this from your machine if you are impacted.

This was a stupid move all around by Lenovo, since the encryption key that they used was out of date by 7 years:

“One final note. The public key for the Superfish certificate is encrypted in 1024-bit RSA. Security researchers began recommending a move away from 1024-bit keys back in 2007, NIST (National Institute of Standards and Technology) was recommending 2048-bit key adoption by 2010, with 1024-bit keys banned by 2013. Not only is this certificate broken, cracked, and a profound security hazard — it’s compromised by key length on top of everything else.”
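To check a Windows machine for the certificate discussed above, the following added example (not from the original post or from Extreme Tech) scans the Windows trusted-root stores and flags any certificate that mentions Superfish by name or carries an RSA key shorter than the 2048 bits cited in the quote. The function name `Get-SuspectRootCertificate` is hypothetical, and matching on the string "Superfish" in the subject or issuer is an assumption.

```powershell
# Added example: audit the Windows trusted-root stores.
# Assumption: the certificate is recognisable by "Superfish" in its subject or issuer.
$MinRsaBits  = 2048        # minimum RSA size per the NIST guidance quoted above
$NamePattern = 'Superfish'

function Get-SuspectRootCertificate {
    param(
        # Both the machine-wide and the per-user trusted-root stores are checked by default.
        [string[]]$StorePath = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    )
    foreach ($path in $StorePath) {
        foreach ($cert in Get-ChildItem -Path $path) {
            $reasons = @()
            if ($cert.Subject -match $NamePattern -or $cert.Issuer -match $NamePattern) {
                $reasons += 'name matches Superfish'
            }
            # GetRSAPublicKey returns $null for non-RSA (for example ECDSA) certificates.
            $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
            $bits = if ($rsa) { $rsa.KeySize } else { $null }
            if ($bits -and $bits -lt $MinRsaBits) {
                $reasons += "RSA key is $bits bits (< $MinRsaBits)"
            }
            # Emit one record per flagged certificate, with every reason it was flagged.
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Store      = $path
                    Subject    = $cert.Subject
                    Thumbprint = $cert.Thumbprint
                    RsaBits    = $bits
                    NotAfter   = $cert.NotAfter
                    Reason     = $reasons -join '; '
                }
            }
        }
    }
}

Get-SuspectRootCertificate | Format-List
```

A short RSA key alone does not mean the certificate is Superfish, since older legitimate roots can trip the size check. Browsers that keep their own certificate store, such as Firefox, are not covered by this scan.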
