News broke last night that Lenovo has been shipping laptops with a horrifically dangerous piece of software called Superfish, which tampers with Windows' cryptographic security to perform man-in-the-middle attacks against the user's browsing. This is done in order to inject advertising into secure HTTPS pages: a feature most users don't want, implemented in the most insecure possible way.[1]
There's been some discussion about whether all copies of Superfish use the same root key to perform the MITM attacks. We can report that the Decentralized SSL Observatory has seen 44,000 Superfish MITM certificates, all of which have been signed by the same Superfish root cert.[2] The fact that there are significant numbers of Firefox victims somewhat contradicts the speculation that Firefox is safe because it doesn't use the Windows root store. This either indicates that Superfish also injects its certificate into the Firefox root store, or that on a large number of occasions Firefox users have been clicking through certificate warnings caused by Superfish MITM attacks.
Lenovo has not just injected ads in a wildly inappropriate manner, but engineered a massive security catastrophe for its users. The use of a single certificate for all of the MITM attacks means that all HTTPS security for at least Internet Explorer, Chrome, and Safari for Windows, on all of these Lenovo laptops, is now broken. If you access your webmail from such a laptop, any network attacker can read your mail as well, or steal your password. If you log into your online banking account, any network attacker can pilfer your credentials. All an attacker needs in order to perform these attacks is a copy of the Superfish MITM private key. There is (apparently) a copy of that key inside every Superfish install on every affected Lenovo laptop, which has now been extracted and posted online.
Using a MITM certificate to inject ads was an amateurish design choice by Superfish.[3] Lenovo's decision to ship this software was catastrophically irresponsible and an utter abuse of the trust their customers placed in them.
If you purchased a Lenovo laptop recently (we have observed reports of the Superfish cert from the Decentralized SSL Observatory as early as October 2014), you can check if your machine is vulnerable here. We'll have more updates with details and defensive options later today.
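The Windows root store can also be inspected by hand for an injected root. The PowerShell below is an added example, not EFF's checker or code from the original post; matching on the string "Superfish" in the certificate subject or issuer is an assumption, since the post gives no fingerprint to compare against.

```powershell
# Added example: look for a Superfish root in the Windows trusted-root stores.
# Assumption: the injected root carries "Superfish" in its subject or issuer name.
$pattern = 'Superfish'

# Both the machine-wide and the per-user trusted-root stores are consulted
# by software that relies on the Windows root store.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$hits = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                SelfSigned = ($_.Subject -eq $_.Issuer)   # true for a root CA
                Thumbprint = $_.Thumbprint
                NotBefore  = $_.NotBefore
                NotAfter   = $_.NotAfter
            }
        }
}

if ($hits) {
    # Print every matching certificate so it can be reviewed and removed.
    $hits | Format-List
    Write-Warning "A trusted root matching '$pattern' was found. HTTPS in software that uses the Windows root store cannot be relied on until it is removed."
} else {
    Write-Output "No trusted root matching '$pattern' was found in the Windows root stores."
}
```

This only covers the Windows root store; Firefox does not use it, so a clean result here says nothing about Firefox.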
- 1. Any browser (or other software) that uses HTTPS correctly needs a way to verify the certificates that link sites' domain names to the cryptographic public keys they use. This is accomplished by having a list of "root" certificate authorities (CAs) maintained by the operating system that can sign certificates that the browser will trust. This list is often called a "root store". A common technique for breaking HTTPS encryption is to add an additional, non-trustworthy CA to the browser or OS's root store. This technique is frequently used by corporate IT departments that want to spy on their employees' HTTPS traffic.
- 2. The Decentralized SSL Observatory only collects data from Firefox browsers running HTTPS Everywhere.
- 3. A safer (but still risky) alternative would be for Superfish to implement its ad-injecting functionality using a browser extension.