Since last week, Lenovo has been in the midst of the turmoil with the highlighting of Superfish, a software preinstalled on its laptops wishing to "help" users to discover potentially interesting products.
An adware that draws into the habits of the user on the Internet to adapt its proposals … In short it is no more and no less than adware. And the software goes further since it installs a self-signed root electronic certificate allowing it to intercept HTTPS encrypted traffic, thus presenting itself as a gateway for online attacks …
If Lenovo is currently in the spotlight, the manufacturer is not behind the development of SuperFish. At the controls, we find an Israeli company called Komodia which specializes in the creation of technologies allowing to intercept encrypted flows in SSL in order to insert unsolicited advertisements. The firm would have sold this technology to the Californian publisher Superfish.
The Superfish and Lenovo scandal led security researchers to Komodia, they now believe that the company poses a major security risk to Internet users, not just those using devices provided by Lenovo.
Indeed, the SSL interception technology developed by Komodia is currently found in a host of other software. Marc Rodgers, security researcher, would have spotted it in parental filters like Kuipira or Qustodio, in anonymization software like Easy Hide IP, network monitoring tools like StaffCop and even antivirus scanners like Lavasoft Ad-Aware Web Companion.
We would also find it in adware such as WiredTools, Say Media Group, CartCrunch, Over The Rainbow, System Alerts, Objectify Media, OptimizerStudio … The list is long and not exhaustive, and we are barely aware of the extent of the latter. Tens of thousands of users would be affected.
Since the case was updated, the Komodia website has responded to absent subscribers (it remains available on the Internet Archive). Of particular note is the statement by its CEO Barak Weichselbaum who would present himself almost as a benefactor on LinKedIn: "My greatest vision is to create a world where children can surf the Internet safely, and I make sure that this vision materializes."