Following the discovery of Superfish installed in certain Lenovo laptop and tablet models, some users have found, compiled, and published a list of other apps that also use SSL Decoder or Digestor, the Komodia software development kit (SDK) responsible for granting the said risky app its HTTPS interception functionality.
Unfortunately, some of the apps mentioned were parental control software, which are used by parents and caretakers to safeguard young teens and kids from potential online threats. They are as follows:
- Keep My Family Secure. A free parental control software Parental Control Solutions Ltd. a subsidiary of Komodia, that allows the blocking of websites based on children’s age.
- Kurupira Web Filter. A free software that targets both English and Portuguese users. It has the following features: anti-porn, website and program blocking, time control, and monitoring of computer and program usage history.
- Qustodio. A free app for Windows, Mac, iOS, and Android. Aside from having features that majority of parental control software have, Qustodio has options to monitor or block calls and SMS messages. It also provides a panic button children can press to call help from parents or carers.
- SecureTeen. A paid app for computers and mobile devices. Most of its functionalities are similar to that of Qustodio’s.
We cannot say for now if the above is already an exhaustive list. There might be other similar programs that use the SDK that have yet to be discovered.
For parents and carers, we encourage you to check your home computer and all mobile devices for presence of the applications we mentioned above. You can do that by doing a simple system search, or you can also use this site that was specifically created by a security researcher to automatically detect any application on systems with the Komodia SDK.
Once you have confirmed that one or more of the above apps are indeed installed and running, you now need to confirm if they have unrestricted private root certificates. It is important that you remove the certificate/s first before uninstalling the risky apps. You can visit this page and follow steps II and III for instructions on how to do this.
There is no automated way to remove certificates, so please be careful when following procedure. If needed, seek the help of family members who are savvy enough to maneuver within the system while under guidance.
You can refer to this page on our forums for instructions on how to remove the offending apps. Please note that steps to remove them are the same steps to uninstall Superfish.
Jovi Umawing