Thursday, 26 February 2015

Lenovo cyber-attack

In the last few days we learned that some Lenovo laptops contained factory-fitted malware called Superfish.  Lenovo’s motivation seems to have been the injection of adverts into browsers.  This is naughty enough, but Superfish also had the potential to enable man-in-the-middle attacks.  I heard about Superfish the day after my wife bought a Lenovo laptop and sure enough, Superfish was there.  It was easy enough to get rid of, even though Lenovo was pretty rubbish about telling customers how to do it (it advised users to re-install Windows).  I understand it has published a set of removal tools now.

In a move that is presumably some sort of misguided attempt at revenge, Lenovo’s site has been targeted for cyber-attacks, with Lizard Squad claiming responsibility.  I’m not a fan of this kind of revenge attack but what Lenovo did was shitty.  I get more annoyed the more I think of it.  I still think the attacks were misguided, though.  Lenovo probably gets attacked all the time and it was probably customers looking for support that were affected most.  And it’s not clear that Lenovo has learned its lesson: it seems to be trying to fix the security issues in Superfish rather than committing to not manipulating the ads they see.

