Israel Matzav: It's come to this: US urges Lenovo users to remove Israeli software, claiming fear of cyberattack

Sunday, February 22, 2015

It's come to this: US urges Lenovo users to remove Israeli software, claiming fear of cyberattack

The United States government has urged users of Lenovo computers to remove an Israeli-developed program called Superfish, which it claims make the users vulnerable to hijacking.

The Department of Homeland Security said in an alert that the program makes users vulnerable to a type of cyberattack known as SSL spoofing, in which remote attackers can read encrypted web traffic, redirect traffic from official websites to spoofs, and perform other attacks.

"Systems that came with the software already installed will continue to be vulnerable until corrective actions have been taken," the agency said.

Adi Pinhas, chief executive of Palo Alto, California-based Superfish, said in a statement that his company's software helps users achieve more relevant search results based on images of products viewed. He said the vulnerability was "inadvertently" introduced by Israel-based Komodia, which built the application described in the government notice.

Komodia CEO arak Weichselbaum declined comment on the vulnerability.

Komodia's website says it produces a "hijacker" that allows users to view data encrypted with SSL technology.

"The hijacker uses Komodia’s redirector platform to allow you easy access to the data and the ability to modify, redirect, block, and record the data without triggering the target browser’s certification warning," according to the site.

Marc Rogers, a researcher with CloudFlare, said that means companies which deploy Komodia technology can snoop on web traffic.

"These guys can do everything from just collect a little bit of marketing information, all the way to building a profile on you and spying on your banking connections," he said. "It's a very dangerous slope."

Rogers said that use of Komodia's technology in other products makes them vulnerable to the same types of attacks as Lenovo's Superfish.

You don't think this is another attack by the Obama administration on Israel now, do you?

Labels: Barack Hussein Obama, cyberwar, Israeli high tech

2 Comments:

At 1:14 PM, The Lone Cabbage said...: I'm in high tech in Israel, and I have several friends at Superfish. This is 100% Superfish's fault, and has 0 to do with US/Israel relations.
At 6:38 PM, dwave said...: I can confirm what The Lone Caggabe posted. Superfish is an incredibly dumb, insecure way to push ads into HTTPS sessions. I hope Komodia is already out of business as I write this.

Post a Comment

<< Home

Name: Carl in Jerusalem

Location: Jerusalem, Israel

I am an Orthodox Jew - some would even call me 'ultra-Orthodox.' Born in Boston, I was a corporate and securities attorney in New York City for seven years before making aliya to Israel in 1991 (I don't look it but I really am that old :-). I have been happily married to the same woman for thirty-five years, and we have eight children (bli ayin hara) ranging in age from 13 to 33 years and nine grandchildren. Four of our children are married! Before I started blogging I was a heavy contributor on a number of email lists and ran an email list called the Matzav from 2000-2004. You can contact me at: IsraelMatzav at gmail dot com

View my complete profile

Site Feed

Like what you see? Please hit my tip box below!