Adware is an incredibly annoying part of buying a pre-built computer from companies like Lenovo, but in some cases it can be dangerous as well. In the most recent instance, Lenovo exposed many of its users to potential man-in-the-middle attacks thanks to a piece of pre-loaded adware known as Superfish that injects product recommendations into search results. The company has since apologized and promised to resolve the issue.
Lenovo has admitted it “messed up badly” by pre-loading software on some consumer laptops that exposed users to possible attack, and said it will soon release a tool to remove it. “I have a bunch of very embarrassed engineers on my staff right now,” Lenovo CTO Peter Hortensius said in an interview Thursday. “They missed this.”
Users have been complaining since September about the third-party program, called Superfish, which injects product recommendations into search results. But it only emerged Wednesday that the program also opens a serious security hole. The program interferes with SSL-encrypted Web traffic by installing its own root certificate in the trusted certificate store used by browsers. It then uses that root certificate to generate SSL certificates for HTTPS-enabled websites when users visit them. This allows it to act as a man-in-the-middle proxy between users and those secure websites.
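From the client side, the behaviour described above shows up as one issuer signing the certificates of otherwise unrelated HTTPS sites. The following check is an added example, not part of the original article or any Lenovo tool; it assumes certificate details shaped like the output of Python's `ssl.SSLSocket.getpeercert()`, and the hostnames, CA names and threshold are constructed for illustration.

```python
from collections import defaultdict

# Name fragment taken from the article; matched case-insensitively.
KNOWN_MARKERS = ("superfish",)


def issuer_name(cert):
    """Flatten the nested 'issuer' tuple of a getpeercert()-style dict."""
    fields = {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}
    return fields.get("commonName") or fields.get("organizationName") or "<unknown>"


def audit_issuers(observed, markers=KNOWN_MARKERS, share_threshold=0.8):
    """Return {issuer: [reasons]} for issuers that look like a local interceptor.

    observed maps hostname -> certificate dict as seen from this machine.
    """
    hosts_by_issuer = defaultdict(set)
    for host, cert in observed.items():
        hosts_by_issuer[issuer_name(cert)].add(host)
    findings = {}
    for issuer, hosts in hosts_by_issuer.items():
        reasons = []
        if any(marker in issuer.lower() for marker in markers):
            reasons.append("name matches known interception root")
        # One issuer signing for nearly every unrelated site is what a
        # certificate-generating proxy looks like from the client side.
        if len(observed) >= 3 and len(hosts) / len(observed) >= share_threshold:
            reasons.append("issued certificates for %d of %d hosts" % (len(hosts), len(observed)))
        if reasons:
            findings[issuer] = reasons
    return findings


def _cert(issuer):
    """Build a constructed sample in getpeercert() shape (assumed helper)."""
    return {"issuer": ((("organizationName", issuer),), (("commonName", issuer),))}


# Constructed observations: hostnames and CA names are made up.
CLEAN = {
    "bank.example": _cert("Example CA One"),
    "mail.example": _cert("Example CA Two"),
    "shop.example": _cert("Example CA Three"),
}
INTERCEPTED = {host: _cert("Superfish, Inc.") for host in CLEAN}
```

The share heuristic also flags legitimate TLS-inspecting proxies, so a hit on that rule alone means "identify this root", not "compromised".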