Our Blog

The Problem with Superfish and Komodia

Tags: Cyber Security, Explanations

It was recently brought to light that the computer company Lenovo built and sold laptops with an adware program preinstalled between October and December 2014. The program, called Superfish, was designed to inject ads into secure HTTPS web pages. This sounds bad enough on its own, but it gets worse. To do this, Superfish uses a code library from an Israeli company called Komodia that installs a self-signed root HTTPS certificate, which falsely represents itself as the website’s official certificate.

Why this is Bad

The problem with Superfish, and its Komodia code, is that it poorly circumvents HTTPS. Site certificates are how your browser judges whether a site is legitimate. For example, under normal conditions a phishing site set up to look like a Bank of America site would be flagged by your browser for having a false certificate, and a warning would pop up in your browser saying that the site you were attempting to access had an invalid certificate. In the case of Superfish, the adware is easily tricked into recognizing fake certificates as valid, and then goes on to give you access to the website with its own self-signed certificate, without your browser raising a warning. The encryption code for Superfish was also recently discovered and shared with the world, making the process even easier for attackers. The Electronic Frontier Foundation, a nonprofit organization focused on defending digital rights like privacy, performed a study and found that Superfish adware caused web browsers to accept the certificates from at least 1,600 sites that they shouldn’t have. And it doesn’t stop with Superfish.

Other Programs using Komodia Code

Since the discovery of the Superfish adware and its potential hazard, twelve other programs have been found that use the same Komodia code that defeats HTTPS. One of those twelve programs, Trojan.Nurjax, is a malicious program that compromises computers and makes them download other threatening programs. The programs that use the Komodia code are as follows:

  • ArcadeGiant
  • CartCrunch Israel LTD
  • Catalytix Web Services
  • “Keep My Family Secure” (Made by Komodia)
  • Kurupira Webfilter
  • Objectify Media inc
  • OptimizerMonitor
  • Over The Rainbow Tech
  • Qustodio
  • Say Media Group LTD
  • System Alerts
  • WiredTools LTD
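
A way to check for the interception described above, as an added example (not code from Lenovo, Komodia or Working Nets): on an affected machine, unrelated HTTPS sites all present certificates issued by the interceptor instead of a public certificate authority. It assumes the injected certificate names its vendor or product and that the interceptor also proxies this script's connections; the function names, hostnames and sample data are constructed for illustration.

```python
import socket
import ssl

# Vendor and product names taken from this page.
# Assumption: the injected root identifies itself by one of these names.
WATCHLIST = (
    "superfish", "komodia", "arcadegiant", "cartcrunch", "catalytix",
    "keep my family secure", "kurupira", "objectify media",
    "optimizermonitor", "over the rainbow tech", "qustodio",
    "say media group", "system alerts", "wiredtools",
)

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
_FAKE = ((("organizationName", "Superfish, Inc."),),
         (("commonName", "Superfish, Inc."),))
SAMPLE = {
    "bank.example": {"issuer": _FAKE},
    "mail.example": {"issuer": _FAKE},
    "news.example": {"issuer": ((("organizationName", "Example Trust Services"),),
                                (("commonName", "Example TLS CA 1"),))},
}

def issuer_names(peercert):
    """Return the issuer's O and CN values from a getpeercert() dict."""
    wanted = ("organizationName", "commonName")
    return [value for rdn in peercert.get("issuer", ())
            for key, value in rdn if key in wanted]

def fetch_peercert(host, port=443, timeout=5):
    """Complete a verified handshake and return the leaf certificate dict."""
    ctx = ssl.create_default_context()  # loads the system's default CA certificates
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

def find_interception(observations):
    """Map each watchlisted issuer name to the hosts it issued for."""
    hits = {}
    for host, cert in observations.items():
        for name in sorted(set(issuer_names(cert))):
            if any(term in name.lower() for term in WATCHLIST):
                hits.setdefault(name, []).append(host)
    return hits
```

To run it against live sites, build the input with `{h: fetch_peercert(h) for h in hosts}`; any non-empty result means a local program is re-signing HTTPS traffic.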

The Good News

If there is a silver lining in this situation, it’s that the security vulnerability was discovered relatively quickly, identified, and reported on in the media. Because we know about the security vulnerability now, we can take steps to avoid it, or remove it if it’s already present. Lenovo has given directions on how to remove Superfish from their laptops that can be found here. The entire incident has highlighted the importance of transparency in purchasing a product, and the importance of information technology education. At Working Nets we believe that consumer education is one of the greatest weapons we have against the modern dangers of the digital environment.

Keep Your Business Secure from Superfish and Other Threats with Working Nets

At Working Nets, we know that handling the cybersecurity for a business while actually keeping that business running can seem impossible, especially in the daunting face of cyber-attacks against much larger businesses. Outsourcing your IT can give you peace of mind and allow you to take care of the things that are important for your company. Working Nets is a Maryland-based IT Service and Security company that services small businesses nationwide. We’re always on top of emerging cybersecurity trends and threats so you don’t have to be.

To talk to someone about managed IT for your business, give us a call at (443) 992-7394. We’d be happy to assist you with your professional business networking needs.

You can also visit WorkingNets.com and follow us on Facebook, Twitter, LinkedIn and Google+.