Lenovo Fined Over Superfish Adware-ridden Laptops

Computer-maker Lenovo has agreed to pay US states $3.5m (£2.7m) to settle allegations that it sold laptops with pre-loaded adware that compromised buyers' security without warning.

The company has also agreed to seek consumers' consent before installing any such software in the future.

Lenovo faced uproar when it emerged in 2015 that it had hidden an advert-delivering program made by Superfish on hundreds of thousands of computers.

It later provided a tool to remove it.

US Federal Trade Commission investigators have alleged that Lenovo first started selling compromised laptops in August 2014.

The software involved was called VisualDiscovery, and was made by the California-based start-up Superfish.

It was designed to show pop-up ads from retailers when users hovered their cursors over related products on a website.

Owners began complaining about the issue on Lenovo's own forums in late 2014.

But the discovery got picked up by the mainstream media only the following year, after security researchers reported that the code worked by substituting its own security key for the encryption certificates used by many websites and did so in a sloppy manner.

"VisualDiscovery... did not adequately verify that the websites' digital certificates were valid before replacing them, and then used the same easy-to-crack password on all affected laptops," the FTC said.

The watchdog said the software had put "login credentials, social security numbers, medical information, and financial and payment information" at risk.

In addition, the watchdog said, it had blocked browsers from warning users if they visited spoofed or otherwise malicious websites.

Although Lenovo was apparently unaware of the security risks, the FTC alleged that this was only because it had failed to properly vet the software.

Lenovo's financial penalty will be shared by 32 US states.

In addition, the company has agreed to implement a software security compliance programme that it must allow an independent third party to check at regular intervals for the next 20 years.

Superfish closed in May 2015 following the scandal, and its founder repurposed its object-recognition technology via a new company, JustVisual.
