The installed backdoor certificate is trusted as a root certificate. Its private key is contained in the MITM software, and is now known publicly. So anyone can now create phony certs signed by the backdoor cert, and Lenovo machines accept them as valid.
Right, but this only means you can decrypt data coming from websites using a starfish cert. It doesn't mean you can decrypt your bank traffic because you have this proxy installed, which is what Graham is claiming.
Yes, it does mean others can decrypt your bank traffic.
Here's how this type of MITM attack works.
Situation: user is using laptop in public location with WiFi. Between WiFi device and net is a computer with MITM software.
Client laptop requests "https://www.bigbank.com". MITM box gets HTTPS request, sees it is for "bigbank.com", and generates a fake cert for that site. It then uses the Superfish root cert to sign the fake cert. MITM box acts as server for that connection and sees the user's traffic in the clear, unencrypted. The Lenovo client laptop sees a valid cert chain descending from the Superfish cert installed by Lenovo. The user sees a green bar and lock icon.
MITM box then opens an HTTPS connection to "https://www.bigbank.com", and acts as client for that connection. The two connections are connected together as a proxy, so that the user sees what looks like a valid HTTPS connection. The MITM box can log everything, including bank passwords.
Only if the root cert store of the user's machine has been tampered with. If you have a valid cert store, you can detect MITM attacks on HTTPS connections.
Here is such a page:
https://badfish.filippo.io/yes.png
That's an image of the word "Yes" signed with the Superfish certificate. If your browser shows that image without warnings about an invalid cert, the backdoor exists.
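The same condition can be checked from the trust-store side. The following is an added example, not code from the thread: it lists trusted certificates whose subject mentions "Superfish" in the store that Python's `ssl` module loads. The function names and the sample entries are assumptions constructed for illustration.

```python
import ssl

def _names(rdns):
    """Flatten the nested RDN tuples used by the ssl module into (field, value) pairs."""
    return [(field, value) for rdn in rdns for (field, value) in rdn]

def find_roots(ca_certs, needle="superfish"):
    """Return trusted certs whose subject contains `needle` (case-insensitive).

    `ca_certs` is a list of dicts in the format of SSLContext.get_ca_certs().
    """
    hits = []
    for cert in ca_certs:
        subject = _names(cert.get("subject", ()))
        issuer = _names(cert.get("issuer", ()))
        if any(needle.lower() in value.lower() for _, value in subject):
            hits.append({
                "subject": dict(subject),
                # A root certificate names itself as its own issuer.
                "self_issued": subject == issuer,
                "serial": cert.get("serialNumber"),
            })
    return hits

def scan_local_store(needle="superfish"):
    """Scan the trust store Python loads by default (on Windows, the system ROOT and CA stores).

    Applications that keep a separate certificate store are not covered by this check.
    """
    ctx = ssl.create_default_context()
    return find_roots(ctx.get_ca_certs(), needle)

# Constructed sample entries (not real certificates) in get_ca_certs() format.
SAMPLE_STORE = [
    {"subject": ((("organizationName", "Example Trust Services"),),
                 (("commonName", "Example Trust Root CA"),)),
     "issuer": ((("organizationName", "Example Trust Services"),),
                (("commonName", "Example Trust Root CA"),)),
     "serialNumber": "01"},
    {"subject": ((("organizationName", "Superfish Example Org (constructed)"),),),
     "issuer": ((("organizationName", "Superfish Example Org (constructed)"),),),
     "serialNumber": "02"},
]

if __name__ == "__main__":
    for hit in scan_local_store():
        print("trusted certificate matching 'superfish':", hit)
```

A match means the store trusts that certificate as an issuer, which is the condition the MITM scenario above depends on; an empty result only covers the store that was scanned.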