NEWS RELEASE


Orange Technology issues warning for Lenovo computer users

Whitehorse – March 2, 2015

Orange Technology, Yukon’s fastest growing IT solutions provider issues a warning for users of Lenovo computers.

“More than a week ago, the world was made aware of a situation where computer manufacturer Lenovo was pre-installing software that hijacks the encryption technology used on secure web sites”, says Martin Lehner, IT Security Expert for Orange Technology. “Examples of the types of secure web sites that can be compromised include online banking and retail sites such as Amazon and eBay”.

Lenovo is a Chinese computer manufacturer. In 2005, Lenovo purchased IBM’s consumer computer division and acquired rights to the “ThinkPad” and “ThinkCenter” brand names.

The vulnerability stems from a pre-installed software that displays advertising, developed by a company named “Superfish”. “The software then replaces the security certificates found on secure web sites, which means that information flowing to those secure web sites can be intercepted and forwarded. Further to this, the encryption key is then replaced with a very unsecure one. It took a professional security expert only 3 hours to break the key using traditional methods”, says Lehner. “Forgetting about the moral question of whether it is ethical to pre-install software that injects additional advertising into your web browser, there is certainly a huge security and privacy risk here”.

The United States Department of Homeland Security has issued an official notice warning the public of this newly discovered security threat. This isn’t the first time Lenovo has been in hot water. “Lenovo was reportedly banned by government agencies around the world starting back in 2005”, says Martin Lawrie, Vice President of Technical Services at Orange. “These bans were put in place due to concerns regarding Chinese state-sponsored espionage and data theft. In 2013, it was reported that U.S. authorities had found ‘hard evidence’ of backdoors that were built into Lenovo computer systems”.

Based on all the concerns regarding Lenovo over the years, Orange Technology has never recommended or sold their equipment. “There are many reputable computer system manufacturers out there”, says Lawrie. “There is no need to deal with one that’s already been under suspicion for years”.

Since news of the malicious pre-installed software broke, Orange has been testing various Lenovo systems in their lab, checking for encryption-based vulnerabilities. “I can confirm that such vulnerabilities exist”, says Lehner. “The media reports are not incorrect; this malicious software is indeed installed from the factory”.

The majority of Orange’s clients are not on Lenovo systems, confirmed Martin Lawrie. “The only Lenovo systems we encounter are older workstations that are being replaced anyways. None the less, we have made the decision to offer assessments and consultations for any Yukon business or organization who does have Lenovo equipment and is concerned about security, privacy and data integrity”. These assessments and consultations are being completed at absolutely no cost to businesses and organizations. “Technology is integral to our economy, to our way of life. It serves no one’s interest to have highly vulnerable systems out there, which is why we decided to offer this service absolutely free”.

Interested parties can contact Orange Technology at their convenience to take advantage of this offer.

Orange Technology is a Yukon-wide IT solutions and support provider, located in Whitehorse.

For additional information, contact Orange Technology at 867-322-TECH, or e-mail info@orangetechnology.ca