Design World

  • Home
  • Technologies
    • 3D CAD
    • Electronics • electrical
    • Fastening & Joining
    • Factory automation
    • Linear Motion
    • Motion Control
    • Test & Measurement
    • Sensors
    • Fluid power
  • Learn
    • Ebooks / Tech Tips
    • Engineering Week
    • Future of Design Engineering
    • MC² Motion Control Classrooms
    • Podcasts
    • Videos
    • Webinars
  • LEAP AWARDS
  • Leadership
    • 2022 Voting
    • 2021 Winners
  • Design Guide Library
  • Resources
    • 3D Cad Models
      • PARTsolutions
      • TraceParts
    • Digital Issues
      • Design World
      • EE World
    • Women in Engineering
  • Supplier Listings

Superfish Points Fingers over Ad Software Security Flaws

By Brandon Bailey, AP Technology Writer | February 23, 2015

Share

In this Aug. 15, 2013 file photo, people walk past a Lenovo flagship experience store in Beijing, China. Security researchers revealed Thursday, Feb. 19, 2015, that some computers sold by China’s Lenovo, the world’s biggest PC maker, had a major security hole that would let any garden-variety hacker impersonate shopping, banking and other websites and steal users' credit card numbers and other personal data. (AP Photo/Andy Wong, File)San Francisco (AP) — A little-known Silicon Valley startup was caught in a firestorm of criticism this week for making software that exposed Lenovo laptop users to hackers bent on stealing personal information. But Superfish Inc. has also won praise for producing visual search technology that many see as the next big thing in online shopping.
Is Superfish an Internet pioneer or a computer-user’s privacy nightmare?

Either way, don’t expect a mea culpa. Faced with a withering publicity barrage that could jeopardize any startup’s future, Superfish CEO Adi Pinhas blamed another company for the security flaw and complained about what he called “false and misleading statements made by some media commentators and bloggers.”

Researchers revealed Thursday that some laptops sold by China’s Lenovo, the world’s biggest PC maker, had a security flaw that could let hackers impersonate shopping, banking and other websites and steal users’ credit card numbers and other personal data.

Lenovo has since apologized for pre-loading the computers with Superfish’s visual search software, which captures images that users view online, such as a sofa or pair of shoes, and then shows them ads for similar products. By itself, the image recognition algorithm might not be a security risk. But the problem arose because Superfish used software from another company that can eavesdrop when Internet users visit secure or encrypted websites.

That software replaced the encryption code on websites with its own easily-hacked code, according to several researchers. The Department of Homeland Security issued an alert Friday saying Lenovo customers should remove Superfish software because of the hacking dangers.

Superfish on Friday insisted its own code is safe and said the security flaw was “introduced unintentionally by a third party.” In an email to The Associated Press, Pinhas identified that party as Komodia, a tech startup based in Israel that makes software for other companies, including tools for companies that show online ads and for programs parents can use to monitor their children’s Web surfing.

Some experts say the problem may extend beyond Lenovo. The Komodia tool could imperil any company or program using the same code. “It’s not just Superfish, other companies may be vulnerable,” said Robert Graham, CEO of Errata Security. Komodia CEO Barak Weichselbaum declined comment Friday.

Launched in Israel by Pinhas and fellow entrepreneur Michael Chertok, Superfish is among a handful of companies pioneering the use of “visual recognition” technology, which industry experts say could revolutionize online shopping by letting people search online with pictures as easily as they now search with words. Superfish’s visual recognition algorithms can analyze a picture and search through a database for similar images, even if they’re not labeled with descriptive text.

“I’ve been impressed. They’re probably one of the best technologies that’s out there,” said Sucharita Mulpuru, a Forrester Research analyst. “It can be a powerful tool for a lot of things, but definitely for shopping and e-commerce.”

Consumers will see more of this in the future, said Yory Wurmser at the eMarketer research firm. Amazon.com Inc. built a similar shopping feature into its Fire smartphone last year. Google Inc., Facebook Inc., Pinterest and other tech giants are investing heavily in visual search.

Now based in Palo Alto, Calif., Pinhas has called Superfish a “deep technology company.” But Superfish critics call its products “ad-ware” or worse. Several Internet message boards are filled with complaints that an earlier Superfish program, WindowShopper, bombarded users with annoying ads and diverted them to websites they didn’t want to visit. Pinhas didn’t respond to an emailed question about WindowShopper.

Superfish, which was founded in 2006, said last year that it had 85 employees and about $45 million in annual revenue. As a privately held startup, the company doesn’t disclose major customers or contracts. But with the Lenovo debacle, Superfish’s brand is taking a hit. However the flaw was introduced, critics say Superfish and Lenovo should have caught the problem sooner.

“They probably saw this as a way to generate revenue, but the security implications are pretty severe,” said analyst Ken Westin of the cybersecurity firm Tripwire.

Lenovo released a software tool Friday to help customers remove the Superfish code from their laptops. It can be found at http://support.lenovo.com/us/en/product_security/superfish_uninstall . But some experts say users may want to wipe their hard drives and start over, re-installing the Windows operating system however.

That’s not an easy task for casual users, said Westin, “but it’s the best way to be completely sure.”


Filed Under: M2M (machine to machine)

 

Related Articles Read More >

Part 6: IDE and other software for connectivity and IoT design work
Part 4: Edge computing and gateways proliferate for industrial machinery
Part 3: Trends in Ethernet, PoE, IO-Link, HIPERFACE, and single-cable solutions
Machine Learning for Sensors

DESIGN GUIDE LIBRARY

“motion

Enews Sign Up

Motion Control Classroom

Design World Digital Edition

cover

Browse the most current issue of Design World and back issues in an easy to use high quality format. Clip, share and download with the leading design engineering magazine today.

EDABoard the Forum for Electronics

Top global problem solving EE forum covering Microcontrollers, DSP, Networking, Analog and Digital Design, RF, Power Electronics, PCB Routing and much more

EDABoard: Forum for electronics

Sponsored Content

  • Global supply needs drive increased manufacturing footprint development
  • How to Increase Rotational Capacity for a Retaining Ring
  • Cordis high resolution electronic proportional pressure controls
  • WAGO’s custom designed interface wiring system making industrial applications easier
  • 10 Reasons to Specify Valve Manifolds
  • Case study: How a 3D-printed tool saved thousands of hours and dollars

Design World Podcasts

May 17, 2022
Another view on additive and the aerospace industry
See More >
Engineering Exchange

The Engineering Exchange is a global educational networking community for engineers.

Connect, share, and learn today »

Design World
  • Advertising
  • About us
  • Contact
  • Manage your Design World Subscription
  • Subscribe
  • Design World Digital Network
  • Engineering White Papers
  • LEAP AWARDS

Copyright © 2022 WTWH Media LLC. All Rights Reserved. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media
Privacy Policy | Advertising | About Us

Search Design World

  • Home
  • Technologies
    • 3D CAD
    • Electronics • electrical
    • Fastening & Joining
    • Factory automation
    • Linear Motion
    • Motion Control
    • Test & Measurement
    • Sensors
    • Fluid power
  • Learn
    • Ebooks / Tech Tips
    • Engineering Week
    • Future of Design Engineering
    • MC² Motion Control Classrooms
    • Podcasts
    • Videos
    • Webinars
  • LEAP AWARDS
  • Leadership
    • 2022 Voting
    • 2021 Winners
  • Design Guide Library
  • Resources
    • 3D Cad Models
      • PARTsolutions
      • TraceParts
    • Digital Issues
      • Design World
      • EE World
    • Women in Engineering
  • Supplier Listings