News broke late last week that Lenovo had been shipping laptops with preinstalled man-in-the-middle adware that could hijack HTTPS traffic and insert its own ads into websites that users were visiting.
This major security threat was initially found lurking in just two pieces of software on Lenovo’s computers, but the number rose dramatically over the weekend: Ars Technica reports that security researchers discovered more applications riddled with adware. As of Sunday, at least 14 applications have been found to use the technology, which puts users at risk.
“What all these applications have in common is that they make people less secure through their use of an easily obtained root CA [certificate authority], they provide little information about the risks of the technology, and in some cases they are difficult to remove,” Matt Richard, a threats researcher on the Facebook security team, wrote on Friday.
“Furthermore, it is likely that these intercepting SSL proxies won’t keep up with the HTTPS features in browsers (e.g., certificate pinning and forward secrecy), meaning they could potentially expose private data to network attackers. Some of these deficiencies can be detected by antivirus products as malware or adware, though from our research, detection successes are sporadic.”
Richard also took the time to list all of the software applications that use code from Komodia, the company that built the technology that allows these vulnerabilities to exist in the first place:
- CartCrunch Israel LTD
- WiredTools LTD
- Say Media Group LTD
- Over the Rainbow Tech
- System Alerts
- Objectify Media Inc
- Catalytix Web Services
For more information, be sure to check out Ars Technica’s thorough article on the subject.