SuperFish - The Saga Continues

Tags: Security

By now, some (most?) of you will have heard of Lenovo's blunder of shipping its PCs and laptops with a particularly nasty bit of malware dubbed SuperFish. A quick recap. Lenovo thought it was a good idea to pre-install some malware on unsuspecting people's new computers which would inject advertisements into the browser. As if this isn't bad enough, researchers found that SuperFish would actually issue its own SSL certificates - effectively setting up a man-in-the-middle attack so that encrypted traffic could be analyzed. You can read a more in-depth article on the BBC website.

The story doesn't end here though...

SuperFish!

Someone managed to extract the certificate from the malware and crack the password (komodia). What does this mean? That everyone can now intercept the encrypted communications of the victims using a simple wifi sniffing tool at a local cafe or other hotspot. The password 'komodia' also points to the company that wrote the software - Komodia. They sell software for e.g. parental control and other spying needs.
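The practical question for anyone with one of these machines is whether the injected root certificate is still trusted. Below is an added example (not code from the original post or from Lenovo/Komodia) that scans the Windows certificate stores for a matching root and, optionally, removes it; the match string is an assumption based on the name used in this post (the certificate Lenovo shipped carried the subject "Superfish, Inc.").

```powershell
# Added example: find (and optionally remove) a Superfish-style root CA
# from the Windows trust stores. The default pattern is an assumption.
param(
    [string]$Pattern = 'Superfish',
    [switch]$Remove
)

# Root and intermediate stores for the machine and the current user. A CA
# trusted here lets whoever holds its private key sign a certificate for
# any site the browser will accept, which is the whole problem.
$stores = @(
    'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\CA',
    'Cert:\CurrentUser\Root',  'Cert:\CurrentUser\CA'
)

$hits = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -like "*$Pattern*" -or $_.Issuer -like "*$Pattern*" } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                SelfSigned = ($_.Subject -eq $_.Issuer)   # a root CA issues itself
            }
        }
}

if (-not $hits) {
    Write-Output "No certificate matching '$Pattern' found in the trusted stores."
    return
}

$hits | Format-Table -AutoSize

if ($Remove) {
    foreach ($hit in $hits) {
        # Deleting the root withdraws trust even if the adware is still
        # installed; the software itself should be uninstalled as well.
        Remove-Item -Path (Join-Path $hit.Store $hit.Thumbprint) -Confirm
    }
}
```

Run it from an elevated PowerShell prompt, since the LocalMachine stores need administrator rights to modify. Firefox keeps its own certificate store, so a clean result here does not cover that browser.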

Besides the obvious - who the heck thought it would be a good idea to do this!? - it also highlights yet again that security (and user safety) is not taken seriously...