Announcement

Collapse
No announcement yet.

Kubuntu protects us from Lenovo's preinstalled spyware, right?

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Kubuntu protects us from Lenovo's preinstalled spyware, right?

    Boos and jeers for Lenovo. According to the following article, Lenovo sold laptops with the Superfish spyware app. Nice going, Lenovo. I own a Lenovo. However, I've wiped the Windows 7 OS that came preinstalled and have replaced it with Kubuntu. I do run Windows 7, but under VirtualBox, and I block its Internet access, except for brief periods of time, and even then I don't surf the web in Windows. It's also a straight copy of Windows 7, not the crapware-bundled one from Lenovo. Also, Lenovo has said Superfish was installed on laptops released between October and December of 2014. I bought mine in 2012. So, I'm in the clear, right?

    It blows my mind that a big company would release laptops with crapware that can actually facilitate spying. The crapware that comes with Windows PCs is already bad enough. What I wonder about is if some companies are making laptops with hardware-based spyware so that even the use of Linux won't stop it.

    Here's the article:
    http://arstechnica.com/security/2015...s-connections/
    Kubuntu 22.04 (desktop & laptop), Windows 7 &2K (via VirtualBox on desktop PC)
    ================================

    #2
    Originally posted by Tom_ZeCat View Post
    ... What I wonder about is if some companies are making laptops with hardware-based spyware so that even the use of Linux won't stop it.
    RE hardware compromise:

    I've been reading this in various reporting services. This is one link, there are others if you do a websearch:

    http://www.foxnews.com/tech/2015/02/...nto-cyber-spy/

    I make no claims that this is fact, but who know for sure?
    Last edited by TWPonKubuntu; Feb 20, 2015, 03:02 PM.
    Kubuntu 24.11 64bit under Kernel 6.11.7, Hp Pavilion, 6MB ram. Stay away from all things Google...

    Comment


      #3
      I'll definitely do a web search. I've found stories are very hit or miss with Fox News, and sometimes they really miss, taking things out of context, using hyperbole, etc. On the other hand, there aren't that many news sources that are very trustworthy anyway. Too many of them sensationalize since the name of the game nowadays is clickbait. I trust the BBC more than most of them, but even they have their biases.

      In any event, on a FB forum some people are claiming that this Superfish that comes preinstalled can allow a hacker to spy on even a Linux system. That doesn't seem possible since it's designed to run under Windows. If you've formatted your hard drive, wiped Windows, and installed your favorite Linux distro, how the hell is this Superfish supposed to still be running? Some people on FB have been claiming that it still runs anyway, but that doesn't seem possible unless it's somehow hardwired into the laptop's very architecture. That doesn't seem possible since there are instructions on the Internet on how to remove it. Methinks I've encountered some people who don't know diddly squat about Linux.

      Note: It is indeed possible to get malware on a Linux system if you're dumb enough to install a trojan, typing in your root password, but it seems to me that this Superfish thing is toast as soon as the hard drive is wiped. Am I wrong?
      Kubuntu 22.04 (desktop & laptop), Windows 7 &2K (via VirtualBox on desktop PC)
      ================================

      Comment


        #4
        RE Superfish, the reports I'm reading are related only to Windows and saying the some of the removal instructions will miss the cookie-like files it created, resulting in it continuing to act. Again, only under Windows. If they have dual boot, then that may be problem. I'm strictly Linux, so not a problem here.

        Wiping the entire drive would seem to be a fix, if somewhat overkill. Reports say the some backups can be safely restored after a drive wipe, but I have no experience to back that.

        The one I'm really worried about is the hard drive SW installed in the factory, see my previous link for info on this.
        Kubuntu 24.11 64bit under Kernel 6.11.7, Hp Pavilion, 6MB ram. Stay away from all things Google...

        Comment


          #5
          Superfish is adware that has malware characteristics. It installs a self-signed root certificate into the Windows certificate store and the Firefox (for Windows) certificate store. When a browser makes a connection to a TLS/SSL server, the Superfish service generates, on the fly, a certificate that spoofs the actual destination. It presents this certificate to the browser, and the browser thinks it has connected to the server. Then the Superfish service connects to the real destination and fetches pages. The service receives TLS/SSL content from the server, decrypts it, inserts advertisements, and then sends the modified content to the browser.

          This is pure man-in-the-middle attack against TLS. It has a number of very bad characteristics:
          • It hides any warnings you might normally receive if the true server's certificate was revoked or expired
          • The same private key is used on every machine containing Superfish; thus, it's possible for an attacker to spoof any site s/he wishes and those with affected Lenovo laptops would never know
          • The certificate was protected with a simple word -- "komodia" -- that a researcher was able to crack in 10 seconds
          • The Superfish service has full visibility into everything happening in the browser, in clear text

          Superfish was present on certain factory-shipped consumer (not business) Lenovo laptops only, built between September 2014 and February 2015. Server-side interactions were disabled in January; no ad insertion is happening now. You can remove Superfish without rebuilding your PC. Lenovo laptops running Linux are not affected. Windows VMs you built yourself are not affected. Anyone claiming that Superfish can allow an attacker to penetrate these is wrong.

          All manufacturers are guilty of filling their PCs with bloatware -- it's the only way they make money. Lenovo usually isn't the worst, but in this case they really fscked up. Of course, someone from Superfish is trying to pass the buck to an unnamed third party.



          More information on hard drive firmware hacking by the Equation Group:

          http://arstechnica.com/information-t...sive-backdoor/
          http://arstechnica.com/security/2015...found-at-last/

          Comment


            #6
            Just to add to the mess, there are other software using the same/similar certificate approach. These are used by some very big companies. From the article:

            ..."One is parental control software from Komodia called "Keep My Family Secure," a second is parental control software marketed by an outfit called Qustodio, and the third is a known as Kurupira Webfilter."...

            The article may be found on Ars Technica:

            http://arstechnica.com/security/2015...mber-of-users/

            Again, this appears to be limited (now) to the Windows platform. But I think (opinion) this could compromise everyone if data is shared across windows based servers. It never stops.
            Kubuntu 24.11 64bit under Kernel 6.11.7, Hp Pavilion, 6MB ram. Stay away from all things Google...

            Comment


              #7
              Originally posted by SteveRiley View Post
              All manufacturers are guilty of filling their PCs with bloatware -- it's the only way they make money.
              Minor correction: All big name manufacturers. See system76.com, and others.

              Comment


                #8
                Originally posted by TWPonKubuntu View Post
                Again, this appears to be limited (now) to the Windows platform. But I think (opinion) this could compromise everyone if data is shared across windows based servers. It never stops.
                Sharing across servers isn't enough. When I wrote "Superfish service" earlier, "service" is in the context of Windows here. A Windows service is some code that runs on the machine at boot or when invoked and stays running. Services have to be installed (typically via an .MSI file) before they can be invoked. Connecting a PC to a file share on which Superfish got installed will not spread Superfish to the PC.

                Originally posted by ronw View Post
                Minor correction: All big name manufacturers. See system76.com, and others.
                Good point.

                Comment


                  #9
                  Lenovo is made in China. LOTS of hardware/firmware is made in China. CPUs/GPUs and firmware contain code (microcode, but code).

                  Ken Thompson, the co-developer of C, wrote a response to an ACM award in their August, 1984 issue of "Communications of the ACM". The first part of his response leads up to this paragraph:
                  The final step is represented in Figure 7. This simply adds a second Trojan horse to the one that already exists. The second pattern is aimed at the C compiler. The replacement code is a Stage I self-reproducing program that inserts both Trojan horses into the compiler. This requires a learning phase as in the Stage II example. First we compile the modified source with the normal C compiler to produce a bugged binary. We install this binary as the official C. We can now remove the bugs from the source of the compiler and the new binary will reinsert the bugs whenever it is compiled. Of course, the login command will remain bugged with no trace in source anywhere.
                  While Thompson explains how to create a bugged binary of the C compiler it is also possible to do the same with other code, including those mentioned above. For example, the US government had Texas Instruments insert code bound for Iraq into their printers so that they could be shut down/controlled (remotely). During the 1992 invasion of Iraq their printers were shut down and printed orders/commands could not be delivered.

                  Disclaimer -- all of this TI stuff is from my memory, such as it is, and may be entirely part of Internet legends.

                  What is NOT legend is the attempt by Cisco to introduce spyware in my Cisco E2500 wifi firmware. Had they not gotten greedy and tried to force me to register for a Cisco cloud account I wouldn't have been inspired to google the clumzy attempt and learn about the real nature of the firmware upgrade. My response was to replace the firmware with DD-WRT. However, I am accepting on faith that DD-WRT wasn't compiled with an infected C compiler and contains malware which is not present in the source that was compiled.
                  "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                  – John F. Kennedy, February 26, 1962.

                  Comment


                    #10
                    Of related interest: http://lwn.net/SubscriberLink/633273/c9289d60f24feba9/

                    Comment


                      #11
                      > Minor correction: All big name manufacturers. See system76.com, and others.

                      ronw, you are in the US, as am I. I believe that system76 et al are more expensive not only because of their lower volumes, but also because, thanks to bloatware, trialware, nagware, and worse, the Windows Tax is actually negative.
                      That is, Dell, Lenovo, and HP may actually pay less for Windows (net of marketing dollars from Microsoft) than they receive in these incentives.

                      Comment


                        #12
                        Originally posted by mparillo View Post
                        >That is, Dell, Lenovo, and HP may actually pay less for Windows (net of marketing dollars from Microsoft) than they receive in these incentives.
                        Indeed.

                        I only have one data point, my own laptop from System76. Comparably spec'd machines from Dell and Lenovo were roughly $100 cheaper; so less than 10% in 'savings'. That was an easy decision: send my money to a nice bunch of people in Colorado, or help MegaCorp meet its quarterly projections for Wall St.

                        Comment

                        Working...
                        X