Spyware and malicious software have become a big
nuisance for companies and individuals alike. While these companies
and individuals can ensure cyber security as per their best judgment,
they have little control over pre-installed malware and malicious
software or code in hard disks and operating systems.
Recently, Kaspersky revealed that hardware-based
stealth spyware was used
by intelligence agencies to engage in selective and targeted
e-surveillance. Similarly, malicious firmware
and BIOS
are also big security threats for all stakeholders. Persistent BIOS
infection using a hidden rootkit is especially annoying and a major
cyber security threat.
It has been reported that China’s Lenovo Group
Ltd, the world’s largest PC maker, had pre-installed virus-like
software on laptops that makes the devices more vulnerable to
hacking. Users have complained that a programme called Superfish
pre-installed by Lenovo on consumer laptops was “Adware”, or
software that automatically displays adverts.
According to Robert Graham, CEO of U.S.-based
security research firm Errata Security, Superfish was malicious
software that hijacks and throws open encrypted connections, paving
the way for hackers to also commandeer these connections and
eavesdrop. This can give rise to a man-in-the-middle attack.
Lenovo had installed Superfish on consumer computers
running Microsoft Corp’s Windows, he added. “This hurts Lenovo’s
reputation,” Graham told Reuters. “It demonstrates the deep flaw
that the company neither knows nor cares what it bundles on their
laptops.” “The way the Superfish functionality appears to work
means that they must be intercepting traffic in order to insert the
ads,” said Eric Rand, a researcher at Brown Hat Security. “This
amounts to a wiretap.”
An administrator on Lenovo’s official web forum
said on Jan. 23 that Superfish has been temporarily removed from
consumer computers. Lenovo has also promised that the allegations
regarding Superfish will be investigated and the problem will be
fixed.
Concerns about cyber security have dogged Chinese
firms, including telecoms equipment maker Huawei Technologies Ltd
over ties to China’s government and smartphone maker Xiaomi over
data privacy. Huawei and ZTE are already caught in India's telecom
security tangle. Huawei has also been accused
of breaching the national security of India by hacking a base station
controller in Andhra Pradesh. Cyber security concerns have already
excluded Huawei from an Australian broadband project. The US House
Intelligence Committee is also investigating
the Huawei cyber espionage angle.
These episodes prove that countries are becoming
more and more aware of the use of malware in software and hardware, and
companies must be wary of using anything that makes the
hardware/software potentially risky for cyber security purposes.
Source: Global
Techno Legal News And Views.