Lenovo Caught Preinstalling Adware on Laptops

by Neil Sardesai, February 20, 2015

PC maker Lenovo has come under fire for reportedly bundling its laptops with security-compromising adware. According to Lenovo users and security researchers, the preinstalled software, known as Superfish, injects third-party ads into Google search results and other websites without the user knowing. 

To inject ads, Superfish relies on a man-in-the-middle attack: it installs a self-generated root certificate into the Windows certificate store and then re-signs every SSL certificate it proxies with its own certificate. As if this weren’t bad enough, Superfish installs the exact same root certificate, with the same weak RSA key, on all affected Lenovo PCs instead of generating a unique certificate for each device.

Users have reported Superfish being preloaded on Lenovo laptops since mid-2014, though the news only recently received media attention. Since then, security researchers like Kenn White have analyzed the adware and seen just how problematic it is.

Superfish Certificate
Superfish issues its own proxy certificates for websites and hijacks HTTPS traffic to inject ads. Furthermore, since the same private key is used for the root certificate on every affected machine, cracking that one key would allow an attacker to create a malicious certificate that all affected Lenovo machines would trust. In fact, researchers have already cracked the private key. With a rogue certificate, an attacker could easily masquerade as a secure site like Bank of America, and the Lenovo machine would have no way to detect the forgery.

Lenovo’s Response

Lenovo has responded to its criticism in the style of a classic non-apology. According to Lenovo, Superfish was installed on some computers to “help customers potentially discover interesting products while shopping.” However, since user feedback was “not positive,” Lenovo ended the partnership with Superfish in January. Interestingly, Lenovo claims,

We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns,

despite the overwhelming amount of evidence suggesting otherwise presented in the previous section.

Protecting Yourself

Lenovo stated that Superfish was installed on laptops shipped between October and December 2014. If you own an infected Lenovo laptop, simply uninstalling Superfish doesn’t actually remove the troublesome certificate. That has to be removed manually. Most (if not all) PC manufacturers bundle bloatware with new computers, something that Windows users have grown accustomed to. However, preloading security-compromising adware is an entirely different story. The best way to not have to deal with OEM crapware is to do a clean reinstall of Windows when you first buy your PC, build your own PC, or buy a Mac.
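Because uninstalling Superfish leaves the root certificate behind, the practical check is to look in the Windows trusted root stores directly. The script below is an added example, not part of the article; it assumes the offending certificate can be recognised by the string "Superfish" in its subject or issuer field (no thumbprint is hard-coded, since the article does not give one).

```powershell
# Added example: report, and optionally remove, a Superfish root certificate
# from the Windows trusted root stores. Not from the article or from Lenovo.
# Assumption: the certificate's Subject or Issuer contains "Superfish".
param(
    [switch]$Remove   # without this switch the script only reports
)

# Both the machine-wide and the per-user root stores are checked, because a
# certificate in either one is enough for the browser to trust the proxy.
$stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

$findings = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -match 'Superfish' -or $_.Issuer -match 'Superfish' } |
        Select-Object @{ n = 'Store'; e = { $store } }, Subject, Thumbprint, NotAfter
}

if (-not $findings) {
    Write-Output 'No Superfish root certificate found in the trusted root stores.'
    return
}

Write-Output 'Superfish root certificate(s) present:'
$findings | Format-Table -AutoSize

if ($Remove) {
    foreach ($f in $findings) {
        # Entries under LocalMachine can only be removed from an elevated shell.
        Remove-Item -Path "$($f.Store)\$($f.Thumbprint)" -Verbose
    }
} else {
    Write-Output 'Re-run with -Remove (as administrator) to delete the entries listed above.'
}
```

Run it once without `-Remove` to confirm the match is really the Superfish entry before deleting anything; after removal, a fresh HTTPS connection should present a chain issued by a public CA rather than by the local proxy.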

Images from Shutterstock.

  • Kastein

    Agree, better buy a Mac!

  • Illutian Kade

    lol at the people who can’t build a computer.

    • Cohagen

      You couldn’t build a speak and spell, so smegg off buttknocker!

  • Max Price

    I have only ever bought ThinkPad laptops. That software shouldn’t show up on higher-end Lenovo products. I have 3 ThinkPads, owned 4 ever IBM and never had compromising issues. Stick with the ThinkPad brand; they still have to answer to IBM in regards to those laptops. Lenovo can do what they want with all other lines of laptops of theirs EXCEPT ThinkPad, which is still tied in with IBM, since when I have a problem, it’s an IBM tech that comes over 🙂