Incident: Lenovo Superfish Malware Incident: Security Compromise on Laptops.

Published Date: 2015-02-19

Postmortem Analysis
Timeline
1. The Superfish software failure incident on Lenovo laptops took place between September and December of the year before the article was published in February [Article 34097].
2. The preinstalled malware on Android devices was discovered over the preceding three years; the latest case studies were presented at the Black Hat cybersecurity conference in August [Article 88441].
System
1. Superfish software installed on Lenovo laptops [33704, 33881, 62973, 34097]
2. Preinstalled malware on Android devices [88441]
Responsible Organization
1. Lenovo [33704, 33881, 62973, 33457]
2. Superfish [33704, 33881, 62973, 33457]
Impacted Organization
1. Consumers who purchased Lenovo laptops were impacted by the Superfish adware incident [33704, 33881, 62973].
2. Android device users, particularly those with budget phones, were impacted by preinstalled malware on over 7.4 million devices [88441].
Software Causes
1. Superfish software installed on Lenovo laptops, which altered search results, showed unwanted ads, and compromised users' security by tampering with encryption certificates, potentially exposing sensitive information to hackers [33704, 33881, 62973, 33457].
2. Preinstalled malware on Android devices, such as the Chamois and Triada malware campaigns hidden in preinstalled apps, which infected millions of low-budget Android devices and posed security threats [88441].
Non-software Causes
1. Lack of proper vetting and oversight by Lenovo in the preloading of Superfish adware on laptops, leading to a compromise in user security [33704, 33881, 62973].
2. Failure to adequately address security concerns raised by users and security researchers regarding the Superfish software, indicating a lack of proactive response to potential risks [33704, 33881, 62973].
3. Inadequate testing and quality assurance processes by Lenovo in ensuring the safety and security of preloaded software on their laptops [33704, 33881, 62973].
4. Lenovo's initial dismissal of security concerns and attempts to downplay the severity of the situation, which delayed effective mitigation measures [33704, 33881, 62973].
5. The inclusion of a self-signed root certificate by Superfish, which introduced a significant security vulnerability on affected Lenovo computers [33457].
6. Lack of transparency and clarity in communication from Lenovo regarding the risks posed by the preinstalled Superfish software, leading to confusion and potential user harm [33457].
Impacts
1. The Superfish software installed on Lenovo laptops altered search results and tampered with computer security, exposing users to potential man-in-the-middle attacks and compromising sensitive information like banking transactions, passwords, and emails [33704, 33881].
2. The Superfish software introduced a critical vulnerability, allowing attackers to snoop on users' Internet traffic and infiltrate their computers, posing a serious risk to consumers and businesses [33704].
3. Lenovo faced backlash and fines for selling laptops with pre-loaded adware that compromised user security without warning, leading to a settlement of $3.5 million with US states and an agreement to seek consumer consent before installing such software in the future [62973].
4. The preinstalled malware on Android devices, discovered by Google researchers, affected over 7.4 million devices, allowing attackers to take over devices, download apps in the background, and commit ad fraud, highlighting the threat of preinstalled malware on budget Android phones [88441].
5. The preinstalled malware campaigns on Android devices, such as Chamois and Triada, infected tens of millions of low-budget Android devices, compromising security from the moment the devices were shipped out [88441].
Preventions
1. Proper vetting and auditing of preinstalled software: Conducting thorough reviews, audits, and analysis of preinstalled software could have helped identify potential security risks before the software shipped with the devices [88441].
2. Enhanced security measures during software development: Implementing robust security measures during the development of preinstalled software to prevent vulnerabilities and ensure that the software does not compromise user security [88441].
3. Strict adherence to security standards: Following strict security standards and protocols to ensure that any preinstalled software meets security requirements and does not introduce vulnerabilities [88441].
4. Regular security checks and updates: Conducting regular security checks and updates on preinstalled software to address any security flaws or vulnerabilities that arise over time [88441].
5. Collaboration with security researchers: Collaborating with security researchers to identify and address security concerns related to preinstalled software, ensuring that issues are promptly resolved before they impact users [88441].
Fixes
1. Lenovo issued a Superfish removal tool to eliminate all traces of the software from Lenovo computers [33704].
2. Lenovo agreed to pay $3.5 million to settle allegations and to seek consumers' consent before installing any such software in the future [62973].
3. Google's Android security team reviewed builds from about 1,000 different phone makers to ensure that no preinstalled malware was packaged with the devices [88441].
References
1. Article 33704 gathers information from security software maker F-Secure, Lenovo's chief technology officer Peter Hortensius, the US Department of Homeland Security, Superfish, and Microsoft.
2. Article 33881 gathers information from Lenovo, the US Federal Trade Commission, security researcher Robert Graham, security firm Trend Micro, and Malwarebytes.
3. Article 92231 gathers information from security firm Kryptowire, Google, Maddie Stone (security researcher on Google's Project Zero), security researcher Marc Rogers, Rik Ferguson (head of security research at Trend Micro), and Chris Boyd (Malware Intelligence Analyst at Malwarebytes).
4. Article 62973 gathers information from Reuters, the US Federal Trade Commission, Lenovo, security researcher Maddie Stone, security researcher Marc Rogers, the Electronic Frontier Foundation, and security firm Rapid7.
5. Article 34097 gathers information from Lenovo, security researcher Marc Rogers, the Electronic Frontier Foundation, coder Filippo Valsorda, and Lenovo spokesman Brion Tingler.
6. Article 88441 gathers information from Google, security researcher Maddie Stone, Honeywell, and the Android security team.
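The self-signed root certificate listed under Non-software Causes and the removal tool listed under Fixes point to a verification step a defender would want after cleanup: confirm that no interception-capable root remains trusted on the machine. The PowerShell audit below is an added example, not code from the page, Lenovo or Superfish; the watch-list name and the set of store paths it checks are assumptions.

```powershell
# Added example (not from the page, Lenovo or Superfish): audit the Windows
# trusted root stores for the pattern Superfish created, namely a self-signed
# root that every browser on the machine trusts AND whose private key is
# present on the same endpoint. A root meeting both conditions can sign a
# certificate for any website, which is the man-in-the-middle exposure
# described above. The watch-list entry is an assumption used for illustration;
# confirm names and thumbprints against vendor or removal-tool guidance.
$SuspectNames = @('Superfish')   # assumed watch-list; extend as needed

$Stores = @('Cert:\LocalMachine\Root',     'Cert:\CurrentUser\Root',
            'Cert:\LocalMachine\AuthRoot', 'Cert:\CurrentUser\AuthRoot')

$Findings = foreach ($StorePath in $Stores) {
    if (-not (Test-Path $StorePath)) { continue }
    Get-ChildItem -Path $StorePath | ForEach-Object {
        $cert = $_
        $selfSigned = ($cert.Subject -eq $cert.Issuer)
        $nameHit = $false
        foreach ($n in $SuspectNames) {
            if ($cert.Subject -like "*$n*") { $nameHit = $true }
        }
        # Record each condition separately so the report explains itself.
        $reasons = @()
        if ($nameHit) { $reasons += 'subject matches watch-list' }
        if ($selfSigned -and $cert.HasPrivateKey) {
            $reasons += 'self-signed root with private key on this host'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Store      = $StorePath
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
                Reason     = ($reasons -join '; ')
            }
        }
    }
}

if ($Findings) {
    $Findings | Format-Table -AutoSize
    # Removal stays an explicit operator decision. For a confirmed finding:
    #   Remove-Item "Cert:\LocalMachine\Root\<thumbprint-from-report>"
} else {
    Write-Output 'No watch-listed or private-key-bearing root certificates found.'
}
```

Run it in an elevated session so the LocalMachine stores are readable; a clean machine after the removal tool has run should report no findings.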

Software Taxonomy of Faults

Category Option Rationale
Recurring: one_organization, multiple_organization
(a) In the article <Article 88441> from 2019, it is mentioned that Android's security team discovered two major malware campaigns hidden in preinstalled apps over the last three years, one called Chamois and the other called Triada, which infected tens of millions of low-budget Android devices. This indicates a recurring issue of preinstalled malware affecting Android devices, showing a software failure incident happening again within the Android ecosystem.
(b) The article <Article 62973> from 2015 reports on Lenovo being fined over Superfish adware-ridden laptops, where Lenovo faced allegations of selling laptops with pre-loaded adware that compromised buyers' security without warning. This incident involving pre-installed adware causing security risks on Lenovo laptops showcases a similar software failure incident happening at multiple organizations or with their products and services.
Phase (Design/Operation): design, operation
(a) In the case of the Lenovo Superfish software incident, the failure can be attributed to the design phase. The Superfish software, preloaded on Lenovo laptops, altered search results and tampered with the computer's security, leading to a serious risk for consumers. The software introduced vulnerabilities that allowed attackers to spy on users' Internet traffic, compromising sensitive information like banking transactions, passwords, and emails [33704, 33881].
(b) On the other hand, the incident involving preinstalled malware on Android devices can be linked to the operation phase. The harmful apps were discovered on over 7.4 million Android devices, allowing attackers to take over devices, download apps in the background, and commit ad fraud. These threats were present on budget phone models that relied on third-party software, highlighting the risks associated with the operation and use of such devices [88441].
Boundary (Internal/External): within_system, outside_system
(a) within_system: The software failure incident related to the Superfish adware on Lenovo laptops falls under the category of within_system failure. The incident involved Lenovo shipping laptops with pre-installed adware called Superfish, which compromised user security without warning [Article 62973]. The adware altered search results, injected ads into Google searches, and created a security vulnerability by substituting its own security key for the encryption certificates used by websites [Article 34097]. Lenovo faced criticism for installing the software irresponsibly, leading to a massive security catastrophe for its users [Article 33457].
(b) outside_system: The incident also involved external factors contributing to the failure. For example, the Superfish adware was created by a tech startup based in Silicon Valley and Israel [Article 34097]. Additionally, the incident highlighted the broader issue of preinstalled malware on Android devices, where harmful apps come with the device, potentially affecting millions of users [Article 88441]. This indicates that external actors, such as third-party software providers and hackers, can introduce malware into devices during the manufacturing process.
Nature (Human/Non-human): non-human_actions, human_actions
(a) The software failure incident occurring due to non-human actions:
- The incident with Superfish on Lenovo laptops was a result of preinstalled adware that compromised user security without warning, leading to a man-in-the-middle attack vulnerability [Article 33881].
- Preinstalled malware was discovered on over 7.4 million Android devices, allowing hackers to take over devices and commit ad fraud [Article 88441].
(b) The software failure incident occurring due to human actions:
- Lenovo faced criticism for installing Superfish on laptops, which led to a security catastrophe for users due to the adware's security vulnerabilities [Article 33457].
- Lenovo agreed to pay $3.5 million to settle allegations that it sold laptops with pre-loaded adware that compromised buyers' security without warning, indicating a failure introduced by human actions [Article 62973].
Dimension (Hardware/Software): software
(a) The software failure incident occurring due to hardware:
- There is no specific information in the provided articles about the software failure incident occurring due to contributing factors originating in hardware.
(b) The software failure incident occurring due to software:
- The software failure incidents discussed in the articles are primarily due to contributing factors originating in software. For example, in the case of Lenovo laptops preloaded with Superfish software, the incident involved software altering search results, compromising security, and introducing vulnerabilities without the users' knowledge [33704, 33881, 62973, 33457, 34097].
- The Superfish software incident on Lenovo laptops led to a serious security risk where attackers could snoop on users' browser traffic, compromising sensitive information like banking transactions, passwords, and emails [33704, 33881, 62973, 33457, 34097].
- The preinstalled malware on Android devices, such as the Chamois and Triada campaigns, posed threats to millions of devices by being hidden in preinstalled apps, making it difficult to detect and remove [88441].
- The preinstalled malware on Android devices had escalated permissions compared to downloaded malware, making it more dangerous because it could not be easily removed unless phone makers issued security updates [88441].
Objective (Malicious/Non-malicious): malicious, non-malicious
(a) In the case of the software failure incident related to the Superfish adware on Lenovo laptops, the objective of the incident was malicious. The Superfish software was designed to show targeted ads by analyzing images of products on the web. However, it also injected ads into Google searches and created a security vulnerability by substituting its own security key for encryption certificates, potentially allowing hackers to steal sensitive information through man-in-the-middle attacks [33704, 33881, 62973].
(b) In another incident involving preinstalled malware on Android devices, the objective was non-malicious. The harmful apps were discovered on over 7.4 million Android devices and had the ability to take over devices, download apps in the background, and commit ad fraud. These threats were hidden in preinstalled apps that came with the devices, potentially due to budget phone makers relying on third-party software without malicious intent [88441].
Intent (Poor/Accidental Decisions): poor_decisions, accidental_decisions
(a) The intent of the software failure incident in the articles can be categorized as poor_decisions. Lenovo's decision to preinstall the Superfish software on their laptops was a poor decision that led to a significant security risk for consumers. The software altered search results, injected ads, and compromised the security of users' internet connections, potentially exposing sensitive information to hackers [33704, 33881, 62973].
(b) Additionally, there were instances where the preinstalled malware on Android devices was the result of accidental_decisions. Some cases of preinstalled malware on Android devices were accidents rather than intentional malicious acts. For example, there were vulnerabilities found in preinstalled apps that allowed for remote code execution, which affected millions of devices but were fixed promptly once discovered [88441].
Capability (Incompetence/Accidental): development_incompetence
(a) The software failure incident occurring due to development incompetence:
- Article 33457 reports on Lenovo installing malware on consumer laptops, specifically the Superfish adware, which compromised user security without warning. Lenovo initially claimed the software was included to enhance user experience, but it was later revealed that the software created security vulnerabilities on affected computers. The Electronic Frontier Foundation criticized Lenovo for engineering a massive security catastrophe for its users due to the software installation [33457].
- Article 62973 discusses how Lenovo faced allegations and fines for selling laptops with pre-loaded adware that compromised buyers' security without consent. The adware, VisualDiscovery by Superfish, was found to put sensitive information at risk and block browsers from warning users of malicious websites. The FTC alleged that Lenovo failed to properly vet the software, leading to security risks for consumers [62973].
(b) The software failure incident occurring due to accidental factors:
- Article 88441 highlights the discovery of preinstalled malware on over 7.4 million Android devices, which could take over devices and commit ad fraud. The malware was hidden in preinstalled apps on budget Android devices, affecting millions of users. The malware campaigns, such as Chamois and Triada, infected low-budget Android devices from the moment they were shipped out, posing a threat to users [88441].
Duration: permanent, temporary
(a) The software failure incident related to the Superfish adware on Lenovo laptops can be considered a permanent failure. The adware was preinstalled on Lenovo laptops between September and December of the previous year, affecting an unknown number of computers [Article 34097]. The adware, known as Superfish, was designed to show targeted ads but ended up creating a significant security vulnerability on affected computers, making them vulnerable to man-in-the-middle attacks [Article 34097]. Despite attempts to remove the adware, the security hole it created remained active, leaving users permanently open to potential attacks [Article 33881].
(b) On the other hand, the preinstalled malware discovered on more than 7.4 million Android devices is a temporary failure. The malware was found to have the ability to take over devices and download apps in the background while committing ad fraud [Article 88441]. The Android security team discovered two major malware campaigns hidden in preinstalled apps over the last three years, affecting tens of millions of low-budget Android devices [Article 88441]. These threats were identified and addressed by Google's security team, indicating the temporary nature of the failure.
Behaviour: crash, omission, timing, value, other
(a) crash: The software failure incident related to the Superfish adware on Lenovo laptops can be categorized as a crash. The Superfish software caused a serious security vulnerability by altering the encryption certificates used by websites, potentially allowing hackers to intercept sensitive information like login credentials, social security numbers, and financial data [Article 34097].
(b) omission: The Superfish adware incident on Lenovo laptops can also be categorized as an omission. Lenovo shipped laptops with the Superfish software preinstalled, which compromised user security without warning. The software injected unwanted ads into Google searches and created a security hole that could be exploited for a "man in the middle" attack, leaving users vulnerable [Article 34097].
(c) timing: The incident related to the preinstalled malware on Android devices can be categorized as a timing failure. The malware was present on over 7.4 million Android devices, allowing attackers to take over devices and download apps in the background while committing ad fraud. The malware was hidden in preinstalled apps, making it difficult to detect and remove, potentially causing harm to users [Article 88441].
(d) value: The Superfish adware incident on Lenovo laptops can be categorized as a value failure. The Superfish software altered the encryption certificates used by websites, potentially compromising the security of user data such as login credentials, social security numbers, and financial information. This incorrect behavior of the software posed a significant risk to users [Article 34097].
(e) byzantine: The incident related to the Superfish adware on Lenovo laptops does not align with a byzantine failure. The software altered search results, injected ads, and compromised security, but it did not exhibit inconsistent responses or interactions. The main issue was the security vulnerability introduced by the software [Article 34097].
(f) other: The incident related to the preinstalled malware on Android devices can be categorized as a persistence failure. The preinstalled malware remained hidden on devices, even without an icon, making it challenging for users to detect and remove. Additionally, the escalated permissions of preinstalled malware compared to downloaded malware made it more difficult to eliminate from devices [Article 88441].

IoT System Layer

Layer Option Rationale
Perception: processing_unit, embedded_software
(a) sensor: Failure due to contributing factors introduced by sensor error. The articles do not mention any sensor-related failures.
(b) actuator: Failure due to contributing factors introduced by actuator error. The articles do not mention any actuator-related failures.
(c) processing_unit: Failure due to contributing factors introduced by processing error. The failure incidents discussed in the articles are related to software issues such as pre-installed adware and malware on Lenovo laptops, which were introduced by the software itself rather than the processing unit [33704, 33881, 62973, 34097, 88441].
(d) network_communication: Failure due to contributing factors introduced by network communication error. The incidents discussed in the articles involve vulnerabilities in the software that could allow hackers to intercept sensitive information during network communication, but there is no specific mention of network communication errors causing the failures [33704, 33881, 62973, 34097, 88441].
(e) embedded_software: Failure due to contributing factors introduced by embedded software error. The failures discussed in the articles are directly related to issues with pre-installed adware and malware on Lenovo laptops, which can be categorized as embedded software errors [33704, 33881, 62973, 34097, 88441].
Communication: connectivity_level
(a) The failure related to the communication layer of the cyber physical system that failed is at the connectivity_level. From Article [88441], it is mentioned that preinstalled malware was discovered on more than 7.4 million Android devices, which had the ability to take over devices and download apps in the background while committing ad fraud. The malware campaigns hidden in preinstalled apps over the last three years, such as Chamois and Triada, infected tens of millions of low-budget Android devices from the moment they were shipped out. These malware campaigns affected the network or transport layer of the devices, indicating a failure at the connectivity level. Additionally, the article discusses cases where preinstalled apps posed threats to Android devices by turning off Google Play Protect, spying on people's web activity, and allowing potential hackers to run code remotely. These actions indicate issues at the network or transport layer of the devices, contributing to the failure at the connectivity level.
Application: TRUE
The software failure incidents related to the application layer of the cyber physical system that failed due to contributing factors introduced by bugs, operating system errors, unhandled exceptions, and incorrect usage are as follows:
1. The incident involving Lenovo laptops preloaded with Superfish adware ([33704], [33881], [62973], [33457]) can be considered a failure related to the application layer. The Superfish software altered search results, injected ads, and tampered with the computer's security, leading to a serious risk for consumers. It was designed to show targeted ads but ended up compromising user security by introducing vulnerabilities such as a man-in-the-middle attack. The software also installed a root certificate, which could be exploited by hackers to intercept secure connections and steal sensitive information.
2. The incident where preinstalled malware was discovered on over 7.4 million Android devices ([88441]) also falls under the category of a failure related to the application layer. The preinstalled malware posed a threat to Android devices by taking over devices, downloading apps in the background, committing ad fraud, and turning off Google Play Protect. These preinstalled harmful apps had escalated permissions, could not be easily removed, and were approved and installed by phone makers, making them a dangerous threat to users.
In both cases, the failures were caused by software issues introduced at the application layer, leading to security vulnerabilities and risks for users.

Other Details

Category Option Rationale
Consequence: property, theoretical_consequence
(d) property: People's material goods, money, or data were impacted due to the software failure. In the case of the Superfish software incident involving Lenovo laptops, the software altered search results and injected ads into users' browsing sessions. This software also tampered with the computer's security, potentially exposing sensitive information such as banking transactions, passwords, emails, and instant messages to attackers [33704]. The Superfish software also introduced a "critical vulnerability" according to the US Department of Homeland Security, which could compromise user data [33704]. Additionally, the software posed a serious risk to consumers and businesses by making them vulnerable to hackers without their knowledge [33704]. Furthermore, in another incident, preinstalled malware was discovered on over 7.4 million Android devices, allowing attackers to take over devices, download apps in the background, and commit ad fraud. This preinstalled malware could potentially steal passwords and other sensitive information when users engaged in online activities like shopping, paying bills, or checking email [88441].
Domain: information
(a) The failed system was related to the information industry, as it involved software installed on laptops that altered search results and injected ads, compromising user security and privacy [33704, 33881, 62973].
(b) The transportation industry was not directly mentioned in the articles.
(c) The natural resources industry was not directly mentioned in the articles.
(d) The failed system was not directly related to the sales industry.
(e) The failed system was not directly related to the construction industry.
(f) The failed system was not directly related to the manufacturing industry.
(g) The failed system was not directly related to the utilities industry.
(h) The failed system was not directly related to the finance industry.
(i) The failed system was not directly related to the knowledge industry.
(j) The failed system was not directly related to the health industry.
(k) The failed system was not directly related to the entertainment industry.
(l) The failed system was not directly related to the government industry.
(m) The failed system was not directly related to any other industry.
