Reported major security vulnerability with Superfish provides another precautionary lesson for K-12

The latest reported major security vulnerability provides another precautionary lesson for K-12 and post-secondary schools as they develop and evolve policies and technologies enabling laptops and other wireless devices to connect to their networks.

Lenovo Group Ltd. pre-installed Superfish Visual Discovery software on its branded personal computers, including laptops, sold to consumers.

According to the U.S. Department of Homeland Security, Lenovo personal computers employing the pre-installed software contain a critical vulnerability through a compromised root CA certificate. Exploitation of that vulnerability could allow a hacker to read all encrypted Web browser traffic, impersonate or spoof any Web site or perform other attacks on the affected user’s computer.

Lenovo’s response to queries is limited to information posted on its website: “An automatic removal tool is available on Additionally, we will offer Lenovo PC users affected by this issue a free 6-month subscription to McAfee LiveSafe service (or a 6-month extension for existing subscribers).”

Lenovo added that the problem with Superfish will result in the manufacturer significantly reducing pre-loaded applications. “Our goal is clear: To become the leader in providing cleaner, safer PCs.”
