Lenovo’s adware disaster is even worse than we thought

Jacob Siegal

February 23, 2015 at 2:45 PM

News broke late last week that Lenovo had been shipping laptops with man-in-the-middle adware preinstalled which could hijack HTTPS traffic and insert its own ads onto websites that users were visiting.

This major security threat was initially found lurking in just two pieces of software on Lenovo’s computers, but the number rose dramatically over the weekend as Ars Technica reports security researchers discovered more applications riddled with adware. As of Sunday, at least 14 applications have been found to use the technology which puts users at risk.

“What all these applications have in common is that they make people less secure through their use of an easily obtained root CA [certificate authority], they provide little information about the risks of the technology, and in some cases they are difficult to remove,” Matt Richard, a threats researcher on the Facebook security team, wrote on Friday.

“Furthermore, it is likely that these intercepting SSL proxies won’t keep up with the HTTPS features in browsers (e.g., certificate pinning and forward secrecy), meaning they could potentially expose private data to network attackers. Some of these deficiencies can be detected by antivirus products as malware or adware, though from our research, detection successes are sporadic.”

Richard also took the time to list all of the software applications that use code from Komodia, the company that built the technology which is allowing these vulnerabilities to exist in the first place:

CartCrunch Israel LTD
WiredTools LTD
Say Media Group LTD
Over the Rainbow Tech
System Alerts
ArcadeGiant
Objectify Media Inc
Catalytix Web Services
OptimizerMonitor

For more information, be sure to check out Ars Technica’s thorough article on the subject.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Lenovo’s adware disaster is even worse than we thought

Recommended Stories

WNBA Draft winners and losers: As you may have guessed, the Fever did pretty well. The Liberty? Perhaps not

Yankees pitcher Fritz Peterson, infamous for trading wives with a teammate, dies at 82

Boban Marjanović hilariously misses free throws on purpose to give Clippers fans free chicken

Robert Kraft reportedly warned Falcons owner Arthur Blank not to trust Bill Belichick during head coach interviews

UFC 300: 'We're probably gonna get sued' after Arman Tsarukyan appeared to punch fan during walkout

Nike responds to backlash over Team USA track kits, notes athletes can wear shorts

Rob Gronkowski's first pitch before the Red Sox's Patriots' Day game was typical Gronk

2024 Masters payouts: How much did Scottie Scheffler earn for his win at Augusta National?

Trump Media stock jumps for second day as company goes to battle with short sellers

MLB Power Rankings: Braves, Yankees surge to the top, followed by Dodgers, Orioles, Brewers

76ers' statue for Allen Iverson draws jokes, outrage due to misunderstanding: 'That was disrespectful'

TechCrunch Minute: New Atlas robot stuns experts in first reveal from Boston Dynamics

Report: The Toyota Highlander is going all-electric

Former Augusta National Golf Club employee charged with stealing millions in Masters memorabilia

Caitlin Clark reportedly close to 8-figure deal with Nike that includes signature shoe

LSU transfer Hailey Van Lith reportedly headed to TCU

How Victor Wembanyama's rookie season ranks in NBA history

Tesla layoffs hit high performers, some departments slashed, sources say

The Scorecard: 10 fantasy baseball hot takes to know through two weeks

Mock Draft Monday with Daniel Jeremiah: Bears snag Odunze, Raiders grab a QB