Hackers take down Lenovo website – FT.com

Hackers take down Lenovo website – FT.com.

High quality global journalism requires investment. Please share this article with others using the link below, do not cut & paste the article. See our Ts&Cs and Copyright Policy for more detail. Email ftsales.support@ft.com to buy additional rights. http://www.ft.com/cms/s/0/77843ec2-bd5f-11e4-b523-00144feab7de.html#ixzz3SzdZG1cE

 

February 26, 2015 2:45 am

Hackers take down Lenovo website

 

A pedestrian walks past the Lenovo Group Ltd. flagship store on Qianmen Street in Beijing, China, on Tuesday, Nov. 11, 2014. Lenovo Chief Executive Officer Yang Yuanqing has expanded in computer servers and mobile phones, including the $2.91 billion purchase of Motorola Mobility, to help combat a shrinking personal-computer market. Photographer: Tomohiro Ohsumi/Bloomberg©Bloomberg

Lenovo’s website has been hacked, less than a week after the personal computer maker was forced to disable controversial software that left users of its laptops vulnerable to cyber attacks.

On Thursday, the group – the world’s largest PC manufacturer by unit sales – said that users trying to visit its website had been redirected to another site by hackers.Hacker collective Lizard Squad had claimed credit for the attack via Twitter, where it also posted internal Lenovo e-mails discussing Superfish, the advertising software that the PC maker disabled on its products last week.

Lizard Squad has previously claimed credit for cyber attacks on Sony’s PlayStation network and Microsoft’s Xbox Live network. On Thursday, it also boasted of an attack on Google’s Vietnamese website.

Lenovo said it had taken its website down and was also investigating “other aspects” of the attack.

Later on Thursday morning, visitors to lenovo.com on Thursday morning received a message stating: “The Lenovo site you are attempting to access is currently unavailable due to system maintenance.” It was restored on Thursday afternoon.

Last week, Lenovo acknowledged that its consumer division had sold laptops pre-installed with controversial advertising software called Superfish that potentially left its computers open to being hacked. It said it had stopped installing Superfish on new units in January and disabled the software on existing machines.

Computer experts had warned of a security hole in the software that hackers could exploit to eavesdrop on a user’s web-browsing behaviour.

 


Lenovo admits to software vulnerability – FT.com

Lenovo admits to software vulnerability – FT.com.

 

Last updated: February 19, 2015 7:00 pm

Lenovo admits to software vulnerability

 

Lenovo Group Ltd. signage is displayed near laptops in an arranged photograph at a Lenovo store in the Yuen Long district of Hong Kong, China, on Friday, May 23, 2014. Lenovo, the world's largest maker of personal computers, reported a 25 percent jump in fourth-quarter profit as its desktop models and mobile devices gained global market share. Photographer: Brent Lewin/Bloomberg©Bloomberg

Lenovo, the world’s largest computer manufacturer by unit sales, has been forced to disable controversial software that left users of its laptops vulnerable to hacking attacks.

The software Superfish, which was pre-installed on Lenovo’s devices, was billed as a free “visual search” tool. But Lenovo used it to inject adverts into web pages.

More controversially, however, computer experts have discovered that Superfish contains a major security hole that hackers can potentially exploit to eavesdrop on a user’s web-browsing behaviour.

Users have been raising concerns about Superfish on Lenovo’s own online forums since September, complaining that the software is putting additional advertising into web pages without their permission.

Computer manufacturers often pre-install so-called “adware” into their laptops and PCs in exchange for payment by the software makers, which in turn make money from advertisers.

Lenovo said its customers were given a choice about whether to use the product.

However, Graham Cluley, an independent security expert, said the way in which Lenovo had installed the adware was “cack-handed, and could be exploited by a malicious hacker to intercept the traffic of innocent parties”.

While there is no evidence that hackers have exploited the vulnerability, Mr Cluley said: “If you have Superfish on your computer you really can’t trust secure connections to sites any more.”

 


Chinese Android phones contain in-built hacker 'backdoor' | Technology | The Guardian

Chinese Android phones contain in-built hacker ‘backdoor’ | Technology | The Guardian.

Coolpad
 Smartphones from Chinese manufacturer Coolpad found to have malware pre-installed. Photograph: Coolpad

Smartphones from a major Chinese manufacturer have a security flaw that was deliberately introduced and allows hackers full control of the device.

The “CoolReaper” backdoor was found in the software that powers at least 24 models made by Coolpad, which is now the world’s sixth-biggest smartphone producer according to Canalys.

The flaw allows hackers or Coolpad itself to download and install any software onto the phones without the user’s permission.

“The operator can simply uninstall or disable all security applications in user devices, install additional malware, steal information and inject content into the users device in multiple ways,” according to a report on the malware by security firm Palo Alto Networks (Pan).


Sophisticated iPhone and Android malware is spying on Hong Kong protesters | The Verge

Sophisticated iPhone and Android malware is spying on Hong Kong protesters | The Verge.

Researchers say all signs point to the Chinese government

 

 

A fake smartphone app is being used to remotely monitor pro-democracy protesters in Hong Kong, according to a report from the New York Times. Researchers from Lacoon Mobile Security say the phishing scam is spreading across the messaging application WhatsApp, through texts that read: “Check out this Android app designed by Code4HK for the coordination of OCCUPY CENTRAL!”, along with a link to download software. Lacoon says the software, once downloaded, can access a user’s personal data, including phone calls, text messages, and the physical location of their smartphone. Code4HK — a developer community that has helped to spread information about the protests — tells the Times it had nothing to do with the texts.

 

The origin of the scam remains unknown, but Lacoon CEO Michael Shaulov says the Chinese government is likely behind it, given the location of the servers and the sophistication of the operation. The company traced it to a computer that they say is similar to those that the Chinese government allegedly used to launch cyberattacks against US targets last year. The spread of the app remains equally unclear, though Shaulov says it was downloaded by one out of every ten phones that received the fake message. It has affected both Android and iOS users alike, although many in the security world have noted that only jailbroken iOS phones are vulnerable.