Do you still remember the Lenovo Superfish malware case earlier this year? This issue sparked a huge controversy on how secure laptops are. When those laptops came from factory and displayed on store, we expect to be 100% clean from any threat. That includes viruses, adware, trojan, malware, ransomware, and anything else. All we want is to purchase a good product. That’s why we urge those IT companies to apply strict QC standard to ensure we’ll only get the best on our hand. This quality control ensures one thing. Nothing would get through, unless things they want us to have.
So, the question here, does that mean some IT companies want to infect their customers with pre-installed malware?
That question is a tough one. It is the same question that had torn down Lenovo customers. Who do you think want their laptop filled with a malware? No one. Not even a tech expert.
Superfish malware is known for its unique ability in decrypting user’s web encryption. It turns the device vulnerable to any known cyber attack. As if it was not enough to turn your day to the worst day ever, this malware also injects lots of bothering ads to your browser. “Thanks to it,” wherever you go on the web, you’ll always see bothering ads on your browser.
We hate to say it, but we might not did good enough to fix this Superfish problem. Recently, we got reports that a malware similar to Superfish was found on Dell laptops.
As reported by Ars Technica on Tuesday, November 11th, 2015, this malware was first found by Joe Nord, a Dell customer. While scanning his computer for any malicious files, he found a strange certificate in Microsoft Management Console. Upon checking the certificate, he realized that it’s not just an ordinary certificate. In fact, it’s not a digital certificate at all. It is actually a malware, trying to disguise itself as a digital certificate. In other words, it mimics how Superfish works. Now, the worst thing for us is the best thing for hackers. This fake digital certificate allows them disguise themselves as any HTTPS website. Not even Google, Bing, Bank of America, or other HTTPS websites can escape.
This digital security certificate is planted as a rooted certificate on two Dell laptop variants, XPS 15 and Inspiron 5000. However, some Dell users also reported that this malware might also infect other laptop and desktop variants. Reported devices include Precision M4800, Latitude, and Dell Inspiron desktop. Until now, Dell is still investigating the issue.
With this malware, anyone with basic hacking skills can extract any website encryption key and use it to sign TLS cerfiticate on many HTTPS websites. Once done modifying the certificate, your browser will stop sending alert for possible fake web session. That means, you will never know whether you’re browsing on an original or fake website. All your information, including key stroke, account credentials, financial information, personal information, and many things else will be sent to the hackers. And you just feel you’re browsing as usual, believing you’re still safe online. The fact is, you don’t.
The only way to stay safe online is to act one step further than those hackers. If you want to stay safe, then start thinking like a real hacker. Analyze all possibilities and prepare for the worst. For this scenario, there is no better solution than a continuous protection for your system. You need something that will protect you 24/7, without leaving any tiny hole to cyber criminals. You need something reliable, something you can trust.
So, how can we keep you safe?