If you have to buy laptops for a number of your employees you may be tempted by the cheaper models. However, these cheaper laptops may come with risks that could make the cost saving a false economy. This is due to a flaw in the bundled software that comes with some of these lower cost devices.
So what is this flaw and how could it impact your business? This article highlights the findings following an investigation into some of Lenovo’s cheaper laptop models.
It must be stated that it is not just Lenovo laptops impacted by this security risk. Many laptop manufacturers have bundled similar software in a bid to keep the overall cost of these laptops down.
The security risk
A large number of Lenovo’s cheaper laptops are pre-loaded with a piece of software called Superfish. This software monitors the laptop user’s internet activity and searches so that it can display contextual ads.
This may sound innocent enough, but it is the manner in which it manages this task that causes the risk. The flaws in this software could leave the laptop user vulnerable to hackers.
The Superfish software gives Lenovo laptop users a false sense of security. Whilst they may be sure they have a secure connection to their bank, for example, Superfish breaks the encryption so that it can see the content of what they are browsing in an attempt to display an ad. But the browser still displays the recognisable padlock symbol in the address bar, giving the impression that the connection is secure. This means the end user is communicating openly with their bank in a way that would be very easy for a hacker to intercept.
This is not the first time that such third-party software has proven to be a problem, however. Just last year we saw the Heartbleed and Shellshock vulnerabilities and, as is the case with the Lenovo/Superfish issues, the problem lies in companies putting too much trust in outsourced development.
Is there a solution to this problem?
Tighter regulation might be the obvious answer, and it is usually the first response to a security problem such as this. Stricter regulations would mean that code is examined and has to pass a type of quality control and certain security tests before the software is allowed to be included.
However, this would be tough to enforce, and it is market forces that are driving laptop manufacturers to look at other ways of reducing retail costs.
In a business environment you should always consider the risks inherent in buying cheaper hardware. Never rely on the default settings, and in cases like this it may even be worthwhile completely formatting the whole laptop hard drive and installing a fresh copy of the operating system without any of the commercial software that comes with the retail version.
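Before deciding whether a machine needs a rebuild, IT staff can check it for the condition that lets the padlock stay on while traffic is being read: software that does this has to add its own certificate to the list of root certificates Windows trusts. The PowerShell script below is an added example, not part of the original article or any vendor tool; it compares a laptop's trusted root certificates with a baseline exported from a clean operating system install. The baseline file name is hypothetical, and the only watchlist name is the one the article mentions.

```powershell
# Added example: diff the trusted root stores against a clean-install baseline.
param(
    [string]$BaselinePath = '.\clean-install-roots.csv',  # hypothetical file name
    [switch]$ExportBaseline   # run with this switch on the clean reference install
)

$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

# Inventory every certificate this machine and user treat as a trusted root.
$current = foreach ($store in $stores) {
    Get-ChildItem -Path $store | ForEach-Object {
        [pscustomobject]@{
            Store      = $store
            Thumbprint = $_.Thumbprint
            Subject    = $_.Subject
        }
    }
}

if ($ExportBaseline) {
    $current | Export-Csv -Path $BaselinePath -NoTypeInformation
    Write-Output "Baseline of $(@($current).Count) entries written to $BaselinePath"
    return
}

if (-not (Test-Path -Path $BaselinePath)) {
    throw "Baseline file not found: $BaselinePath"
}
$known = @((Import-Csv -Path $BaselinePath).Thumbprint)

# Name taken from the article; add other bundled products you want called out.
$watchlist = @('Superfish')

$findings = foreach ($cert in $current) {
    $named = $watchlist | Where-Object { $cert.Subject -like "*$_*" }
    if ($named -or ($known -notcontains $cert.Thumbprint)) {
        $reason = if ($named) { 'watchlist name' } else { 'not in baseline' }
        [pscustomobject]@{
            Reason     = $reason
            Store      = $cert.Store
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
        }
    }
}

if ($findings) {
    $findings | Sort-Object Reason, Subject | Format-List
} else {
    Write-Output 'No root certificates outside the baseline.'
}
```

Windows adds legitimate root certificates over time, so a "not in baseline" entry is a prompt for review rather than proof of tampering. Browsers that keep their own certificate store are not covered by this check.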