A vulnerability has been discovered in a piece of software that ships pre-loaded onto Lenovo computers that could grant hackers access to a user’s secure browser data, allowing third parties to potentially collect passwords, bank details, and other sensitive information.
Superfish, an adware program that Lenovo admitted in January it included as standard on its consumer PCs, reportedly acts as a man-in-the-middle” so it can access private data for advertising purposes. The adware makes itself an unrestricted root certificate authority, installing a proxy capable of producing spurious SSL certificates whenever a secure connection is requested. SSL certificates are small files, used by banks, social networks, retailers such as Amazon, and…
Read more at The Verge