Why Lenovo, Why
The SuperFish Scandal
DABIN LEE
Brief Outline of Presentation
What is SuperFish?
How SuperFish works
Security Related Concerns
Conclusion
What is SuperFish
Analyzes images and keywords
Presents identical and similar product offers
Injects ads into websites using a SSL interception engine by Komodia
How SuperFish works
Installs a root certificate
Replaces the website’s security certificate
Inserts advertisements and pop-ups while browsing
What is a root certificate?
Unsigned public key certificate
Self-signed certificate that identifies the Root Certificate Authority
What is a root certificate?
Tells you who to trust and who not to trust
Comodo
GlobalSign
Verisign
DigiCert
Government Organizations
How SuperFish works
SuperFish acts as a client to the server
Man-in-the-middle
SuperFish - Concerns
Actively scans user’s behavior
Intercepts any HTTPS encrypted webpage
Issues its own SSL certificates
SuperFish – Concerns
The same private key is used for all SuperFish TLS certificates
Certificate’s private key has been revealed
Complete and unrestricted access to all PCs with SuperFish installed
SuperFish – Concerns
Robert Graham, CEO of Errata Security
Infected his own laptop
Turned process dump into Strings
Filtered lower case words
Dictionary Attack “komodia”
SuperFish - Conclusion
SuperFish is adware implemented in a very dangerous way
Download OS from trusted sources – MSDN, TechNet
Be aware when installing downloaded software
Check your laptop - filippo.io/Badfish/
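A local counterpart to the online check, as an added example that is not part of the original presentation: it scans certificate records (trusted roots, or the certificate a site presents) for a subject or issuer naming the interception software described in these slides. The watchlist strings, function names and sample certificates are assumptions constructed for illustration.

```python
import ssl

# Assumption: watchlist built from the product names on these slides.
WATCHLIST = ("superfish", "komodia")

def flatten(name):
    """Turn the ssl module's nested RDN tuples into a {field: value} dict."""
    return {key: value for rdn in name for key, value in rdn}

def findings(cert, watchlist=WATCHLIST):
    """Return the reasons a certificate dict matches the watchlist (empty if clean)."""
    reasons = []
    for role in ("subject", "issuer"):
        for value in flatten(cert.get(role, ())).values():
            hit = next((w for w in watchlist if w in value.lower()), None)
            if hit:
                reasons.append(f"{role} matches '{hit}': {value}")
                break  # one reason per role is enough
    return reasons

def audit(certs, watchlist=WATCHLIST):
    """Map the common name of every flagged certificate to its reasons."""
    report = {}
    for cert in certs:
        reasons = findings(cert, watchlist)
        if reasons:
            cn = flatten(cert.get("subject", ())).get("commonName", "<no CN>")
            report[cn] = reasons
    return report

def loaded_roots():
    """CA certificates Python has loaded; some platforms load lazily, so this may be partial."""
    return ssl.create_default_context().get_ca_certs()

# Constructed sample data, shaped like get_ca_certs() / getpeercert() output.
ROGUE = ((("organizationName", "Superfish, Inc."),), (("commonName", "Superfish, Inc."),))
CLEAN = ((("organizationName", "Example Trust"),), (("commonName", "Example Root CA"),))
SAMPLE = [
    {"subject": CLEAN, "issuer": CLEAN},                                    # ordinary root
    {"subject": ROGUE, "issuer": ROGUE},                                    # self-signed rogue root
    {"subject": ((("commonName", "www.example.com"),),), "issuer": ROGUE},  # re-signed leaf
]

if __name__ == "__main__":
    for cn, reasons in audit(SAMPLE).items():
        print(cn, "->", "; ".join(reasons))
```

A name match is only a heuristic, since a renamed root would pass it; comparing the trust store against a known-good baseline of certificate fingerprints is the stronger check.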
E Series: E10-30
Edge Series: Lenovo Edge 15
Flex Series: Flex2 14, Flex2 15, Flex2 14D, Flex2 15D, Flex2 Pro, Flex 10
G Series: G410, G510, G710, G40-30, G40-45, G40-70, G40-80, G50-30, G50-50, G50-45, G50-70, G50-80, G50-80Touch
Miix Series: Miix2 – 8, Miix2 – 10, Miix2 – 11, Miix 3 - 1030
S Series: S310, S410, S415, S415 Touch, S435, S20-30, S20-30 Touch, S40-70
U Series: U330P, U430P, U330 Touch, U430 Touch, U530 Touch
Y Series: Y430P, Y40-70, Y40-80, Y50-70, Y70-70
Yoga Series: Yoga2-11, Yoga2-13, Yoga2Pro-13, Yoga3 Pro
Z Series: Z40-70, Z40-75, Z50-70, Z50-75, Z70-80
References
1. malwareprotectioncenter.com/2015/03/03/superfish/ by rogueblog
2. www.anandtech.com/show/8993/lenovo-superfish-and-security by Ian Cutress
3. blog.filippo.io/komodia-superfish-ssl-validation-is-broken/ by Filippo Valsorda
4. www.cnet.com/news/lenovo-hit-by-lawsuit-over-superfish-adware/ by Lance Whitney
5. www.cnet.com/news/lenovos-superfish-screwup-highlights-biggest-problem-in-software/ by Seth Rosenblatt
6. www.arstechnica.com/security/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/ by Dan Goodin
7. www.blog.erratasec.com/2015/02/extracting-superfish-certificate.html#.VRF9-PmUdO8 by Robert Graham