why lenovo, why
The SuperFish Scandal
DABIN LEE
Brief Outline of Presentation
What is SuperFish?
How SuperFish works
Security Related Concerns
Conclusion
What is SuperFish
Analyzes images and keywords
Presents identical and similar product offers
Injects ads into websites using an SSL interception engine by Komodia
How SuperFish works
Installs a root certificate
Replaces the website’s security certificate
Inserts advertisements and pop-ups while browsing
What is a root certificate?
Unsigned public key certificate
Self-signed certificate that identifies the Root Certificate Authority
What is a root certificate?
Tells you who to trust and who not to trust
Comodo
GlobalSign
Verisign
DigiCert
Government Organizations
How SuperFish works
SuperFish acts as a client to the server
Man-in-the-middle
SuperFish - Concerns
Actively scans user’s behavior
Intercepts any HTTPS encrypted webpage
Issues its own SSL certificates
SuperFish – Concerns
Same private key for all SuperFish TLS certificates
Certificate’s private key has been revealed
Complete and unrestricted access to all PCs with SuperFish installed
SuperFish – Concerns
Robert Graham, CEO of Errata Security
Infected his own laptop
Turned process dump into Strings
Filtered lower case words
Dictionary Attack “komodia”
SuperFish - Conclusion
SuperFish is adware implemented in a very dangerous way
Download OS from trusted sources - MSDN, TechNet
Be aware when installing downloaded software
Check your laptop - filippo.io/Badfish/
E Series: E10-30
Edge Series: Lenovo Edge 15
Flex Series: Flex2 14, Flex2 15, Flex2 14D, Flex2 15D, Flex2 Pro, Flex 10
G Series: G410, G510, G710, G40-30, G40-45, G40-70, G40-80, G50-30, G50-50, G50-45, G50-70, G50-80, G50-80Touch
Miix Series: Miix2 – 8, Miix2 – 10, Miix2 – 11, Miix 3 - 1030
S Series: S310, S410, S415, S415 Touch, S435, S20-30, S20-30 Touch, S40-70
U Series: U330P, U430P, U330 Touch, U430 Touch, U530 Touch
Y Series: Y430P, Y40-70, Y40-80, Y50-70, Y70-70
Yoga Series: Yoga2-11, Yoga2-13, Yoga2Pro-13, Yoga3 Pro
Z Series: Z40-70, Z40-75, Z50-70, Z50-75, Z70-80
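A local complement to the "Check your laptop" step, as an added example that is not part of the original slides: it scans a trust store for root certificates whose subject names the adware or its interception engine. The function names, the sample store and the subject strings in it are constructed for illustration; only the vendor names come from the slides.

```python
import ssl

# Vendor names from the slides: the adware and its interception engine.
SUSPECT_NAMES = ("superfish", "komodia")

def flatten_name(name):
    """Turn the nested RDN tuples used by the ssl module into a dict."""
    return {key: value for rdn in name for key, value in rdn}

def find_suspect_roots(ca_certs, suspects=SUSPECT_NAMES):
    """Return trusted certificates whose subject mentions a suspect name.

    ca_certs uses the format returned by ssl.SSLContext.get_ca_certs().
    """
    hits = []
    for cert in ca_certs:
        subject = flatten_name(cert.get("subject", ()))
        text = " ".join(subject.values()).lower()
        matched = [s for s in suspects if s in text]
        if matched:
            hits.append({
                "subject": subject,
                # A root certificate is self-signed: subject equals issuer.
                "self_signed": cert.get("subject") == cert.get("issuer"),
                "serial": cert.get("serialNumber"),
                "matched": matched,
            })
    return hits

def make_name(org, cn):
    """Build a name in the ssl module's nested-tuple format."""
    return ((("organizationName", org),), (("commonName", cn),))

# Constructed sample entries (not real certificate data).
SAMPLE_STORE = [
    {"subject": make_name("Example Trust Services", "Example Root CA"),
     "issuer": make_name("Example Trust Services", "Example Root CA"),
     "serialNumber": "01"},
    {"subject": make_name("Superfish, Inc.", "Superfish, Inc."),
     "issuer": make_name("Superfish, Inc.", "Superfish, Inc."),
     "serialNumber": "02"},
]

def scan_system_store():
    """Scan the roots Python loads from the operating system trust store."""
    return find_suspect_roots(ssl.create_default_context().get_ca_certs())

if __name__ == "__main__":
    for hit in find_suspect_roots(SAMPLE_STORE) + scan_system_store():
        print("suspect root:", hit["subject"], "self-signed:", hit["self_signed"])
```

On Windows, `scan_system_store()` reads the system ROOT and CA stores; browsers that keep their own trust store, such as Firefox, are not covered by it.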