New York, USA — Lenovo, the Chinese computer manufacturer that has supplied tens of thousands of laptops to Caribbean governments, is reportedly selling computers that come preinstalled with spyware that hijacks encrypted web sessions and may make users vulnerable to cyber-attacks, security researchers said this week.
According to Arstechnica.com, the critical threat is present on Lenovo PCs that have adware from a company called Superfish installed that can intercept encrypted traffic for every website a user visits. The Superfish software hijacks encrypted web sessions no matter which browser someone uses.
Even worse, other hackers can use the hidden software to launch attacks that won’t be detected by machines that have the spyware installed.
It’s not known exactly which Lenovo computers come with Superfish pre-installed.
Computers manufactured by Lenovo, a Chinese company originally created by a Chinese government department and now one of the world’s largest computer makers, have been banned by intelligence agencies around the world because of concerns over hardware exploits inserted into the production line by the manufacturer.
According to Trinidad and Tobago Education Minister Dr Tim Gopeesingh, at least 75,000 laptops had been distributed to secondary school students. Gopeesingh said that all principals at primary and secondary school levels and school supervisors have also received laptops.
Following several articles previously published on the issue of spyware programs hidden in computers supplied to Caribbean governments and agencies by foreign governments or companies, an amateur radio organisation in Trinidad and Tobago tested the Chinese-supplied computers and confirmed the presence of such malicious software.
Julien Dedier, the chairman of the board of directors of the Trinidad and Tobago Amateur Radio League (TTARL), said last year that he discovered the spyware while investigating a problem on his daughter’s government-issued laptop.
However, Gopeesingh said the government has not installed any spyware devices on the 75,000 laptops it has issued to Form One students over the past several years.
“There has never been any time that we have ever installed any area close to anything like spyware or malware,” Gopeesingh said last year, apparently missing the point that the computers in question probably came from China with such software already installed without the government’s knowledge.
Nevertheless, he also dismissed suggestions something may be wrong with the computers.
Concern was, however, expressed in Saint Lucia, which received 3,300 Chinese-supplied Lenovo Thinkpad laptops from the Trinidad and Tobago government as part of a government-to-government agreement.
“Just checking on the information I received it looks like it is a big operation that allows access to confidential information so this is a matter of concern if the computers have spyware,” said veteran Saint Lucia educator, Dr Virginia Albert-Poyotte.
“How much longer must we play with the security of our nation’s schoolchildren using these Lenovo computers?” Dedier commented this week following the latest spyware revelations.