Customers are being told to remove a pre-installed program on some Lenovo laptops because it makes users vulnerable to cyber attacks.
The United States Department of Homeland Security said the program allows remote attackers to read encrypted web traffic, redirect traffic from official websites to spoofs and perform other attacks, Reuters reported Monday.
“Systems that came with the software already installed will continue to be vulnerable until corrective actions have been taken,” the agency said.
California-based Superfish, which owns the program, said the software helps users achieve more relevant search results based on images of products viewed.
Adi Pinhas, chief executive of the Palo Alto, California-based company, cited Israel’s Komodia, which built the application described in the government notice, for “inadvertently” introducing the vulnerability.
Komodia’s website says it produces a “hijacker” that allows users to view data encrypted with SSL technology.
“The hijacker uses Komodia’s redirector platform to allow you easy access to the data and the ability to modify, redirect, block, and record the data without triggering the target browser’s certification warning,” according to the site.
Earlier, Lenovo offered customers a Superfish removal tool to help them remove the pre-installed software that experts warned was a security risk.
The adware program was shipped on some of the company’s notebook devices, BBC News reported.
Lenovo said it had disabled the program because of customer complaints.