Spyware and malicious software has become a big nuisance for companies and individuals alike. While these companies and individuals can ensure cyber security as per their best judgment yet they have little control over pre installed malware and malicious software or codes in hard disks and operating systems.
Recently Kaspersky revealed that hardware based stealth spyware were used by. intelligence agencies to indulge in selective and targeted e-surveillance. Similarly, malicious firmware and BIOS are also big security threats for all stakeholders. Persistent BIOS infection using hidden rootkit is especially annoying and a major cyber security threat.
It has been reported that China’s Lenovo Group Ltd, the world’s largest PC maker, had pre-installed virus-like software on laptops that makes the devices more vulnerable to hacking. Users have complained that a programme called Superfish pre-installed by Lenovo on consumer laptops was “Adware”, or software that automatically displays adverts.
According to Robert Graham, CEO of U.S.-based security research firm Errata Security, Superfish was malicious software that hijacks and throws open encrypted connections, paving the way for hackers to also commandeer these connections and eavesdrop. This can give rise to a man-in-the-middle attack.
Lenovo had installed Superfish on consumer computers running Microsoft Corp’s Windows, he added. “This hurts Lenovo’s reputation,” Graham told Reuters. “It demonstrates the deep flaw that the company neither knows nor cares what it bundles on their laptops”. “The way the Superfish functionality appears to work means that they must be intercepting traffic in order to insert the ads,” said Eric Rand, a researcher at Brown Hat Security. “This amounts to a wiretap.”
An administrator on Lenovo’s official web forum said on Jan. 23 that Superfish has been temporarily removed from consumer computers. Lenovo has also promised that the allegations regarding Superfish will be investigated and the problem would be fixed.
Concerns about cybersecurity have dogged Chinese firms, including telecoms equipment maker Huawei Technologies Ltd over ties to China’s government and smartphone maker Xiaomi over data privacy. Huawei and ZTE are already in telecom security tangle of India. Huawei has also been accused of breaching national security of India by hacking base station controller in Andhra Pradesh. Cyber security concerns have already excluded Huawei from Australian broadband project. US House Intelligence Committee is also investigating Huawei cyber espionage angle.
These episodes prove that countries are becoming more and more aware about use of malware in software and hardware and companies must be wary of using anything that make the hardware/software potentially risky for cyber security purposes.