Laptop computers from Lenovo featured a browser add-on that installed a self-signed root certificate, giving it the possibility to process traffic that should be encrypted only between the client and the server.
Root certificates identify the Root Certificate Authority, a trusted entity issuing digital certificates to other parties in order to establish a chain of trust online.
They are part of the public key infrastructure scheme and are at the top of the digital certificate tree, holding the private key used to sign other certificates.
Same private key used on all affected Lenovo computers
Superfish Visual Discovery, the add-on present on Lenovo’s products, is designed to provide alternative results for products that may be available at a lower price than the ones searched by the user, based solely on image analysis.