Click to Skip Ad
Closing in...
  1. Amazon Gift Card Promotion
    14:41 Deals

    Amazon’s giving away $15 credits, but this is your last chance to get one

  2. Self-Emptying Robot Vacuum
    16:11 Deals

    Amazon coupon slashes our favorite self-emptying robot vacuum to its lowest price ever

  3. Amazon Echo Auto Price
    11:41 Deals

    Last chance to add hands-free Alexa to your car for $19.99 with this Amazon deal

  4. Amazon Deals
    07:58 Deals

    10 deals you don’t want to miss on Saturday: $5 Alexa smart plugs, $110 electric sta…

  5. Amazon Deals
    07:59 Deals

    10 deals you don’t want to miss on Sunday: Rare Nest Thermostat sale, Alexa in your…




Lenovo’s adware disaster is even worse than we thought

February 23rd, 2015 at 2:45 PM
Lenovo Adware Affected Applications

News broke late last week that Lenovo had been shipping laptops with man-in-the-middle adware preinstalled which could hijack HTTPS traffic and insert its own ads onto websites that users were visiting.

This major security threat was initially found lurking in just two pieces of software on Lenovo’s computers, but the number rose dramatically over the weekend as Ars Technica reports security researchers discovered more applications riddled with adware. As of Sunday, at least 14 applications have been found to use the technology which puts users at risk.

READ MORE: Microsoft just nuked Lenovo’s adware so you hopefully don’t have to

“What all these applications have in common is that they make people less secure through their use of an easily obtained root CA [certificate authority], they provide little information about the risks of the technology, and in some cases they are difficult to remove,” Matt Richard, a threats researcher on the Facebook security team, wrote on Friday.

“Furthermore, it is likely that these intercepting SSL proxies won’t keep up with the HTTPS features in browsers (e.g., certificate pinning and forward secrecy), meaning they could potentially expose private data to network attackers. Some of these deficiencies can be detected by antivirus products as malware or adware, though from our research, detection successes are sporadic.”

Richard also took the time to list all of the software applications that use code from Komodia, the company that built the technology which is allowing these vulnerabilities to exist in the first place:

  • CartCrunch Israel LTD
  • WiredTools LTD
  • Say Media Group LTD
  • Over the Rainbow Tech
  • System Alerts
  • ArcadeGiant
  • Objectify Media Inc
  • Catalytix Web Services
  • OptimizerMonitor

For more information, be sure to check out Ars Technica’s thorough article on the subject.

Jacob started covering video games and technology in college as a hobby, but it quickly became clear to him that this was what he wanted to do for a living. He currently resides in New York writing for BGR. His previously published work can be found on TechHive, VentureBeat and Game Rant.




Popular News