Something fishy at Lenovo

02/20/2015 10:54

Over the past few days, Lenovo has come under increasing fire for adding Superfish adware to its consumer products. While adware/bloatware is nothing new, this software not only hijacks web searches to show ads, but it exposes customers to vulnerabilities that can intercept private and protected information. This preinstalled adware intercepts traffic from all types of browsers, and can intercept secure communications to websites such as banks, health care providers, and online shopping sites.


Superfish was included in some Lenovo consumer laptops between September 2014 and February 2015. Here is a link to Lenovo support for more information and removal instructions:


Note: According to Lenovo support, this affects consumer products only. Not affected are their business lines such as ThinkPad, ThinkCentre, Lenovo Desktop, ThinkStation, ThinkServer and System x products.


This is a very serious issue, but more disturbing is the reason Lenovo included this software in the first place. Superfish’s stated purpose was to show unsuspecting customers different ads than they would normally see in order to “…supplement the shopping experience.” (


In other words, if this software did not have a critical vulnerability, someone would presumably be getting advertising revenue from unwitting Lenovo customers by collecting and altering their internet browsing. As icing on the cake, Superfish was designed to not be removable by the customer. In fact, Lenovo finally released a special tool to remove Superfish just this morning.


(Cross posted from )