Lenovo’s not-so-Superfish

As a business owner and MINDBODY user, you’re wise to take extra precautions that ensure your clients’ personal information is safe. You keep your antivirus software current, you steer clear of sketchy websites, none of your staff members share login information, and you update your password more often than you change the oil in your car. If you own a Lenovo computer, however, there’s another element you should add to your security routine.  

Lenovo, a multinational computer manufacturer, announced recently that it had pre-installed an invasive, malware-type program called Superfish onto several models of consumer laptops that were distributed in 2014.


Superfish was designed to inject advertising into websites and web searches on browsers including Google Chrome and Internet Explorer. Force-fed advertisements are not new and nothing of notable security concern. Unfortunately, Superfish’s modus operandi leaves computers and consumers extremely vulnerable to attacks by ill-willed intruders.

Why should I be worried?

While Superfish is busy trying to fill your browser with ads, it intercepts traffic, including traffic on encrypted websites. Links of encrypted websites, like MINDBODY, will start with “https” and display a small padlock icon to let you know that they are secure.

The padlock lets you know that the website you’re visiting is encrypted.

With Superfish installed on your laptop, your browser won’t warn you when you’re connecting with an untrustworthy source. This gives hackers the opportunity to impersonate legitimate, encrypted sites that you already consider to be secure. This is especially alarming when you’re not only protecting your own sensitive data, but hundreds of clients’ data, as well (e.g., logins and passwords, credit card numbers, personal information).

How do I know if my device has Superfish?

To check whether or not your system is at risk, run the Superfish Certification Authority test.

What do I do now?

For detailed information about which models are affected and how to mitigate this serious security concern, MINDBODY recommends PCWorld.com.