Malware Comes Preinstalled with Some Lenovo Laptops

Malware Comes Preinstalled with Some Lenovo Laptops

Malware Comes Preinstalled with Some Lenovo Laptops

Lenovo users may be getting more than they bargained for with their new laptops. Mashable reports that some Lenovo products come preinstalled with adware called Superfish, which breaks secure website connections and makes sensitive user information vulnerable to security threats.

Superfish breaks HTTPS, which is meant to provide a secure connection over the internet, in order to better scout for ads. The adware also looks at user data on connections that would not normally be visible. Mashable reports that according to experts, Superfish disrupts encrypted connections in a way that leaves users vulnerable to more malicious hackers; sensitive data, such as banking information, can potentially be stolen.

Superfish utilizes a “man-in-the-middle” strategy to insert itself into the user’s system. The adware installs its own root certificate on Windows systems. Because of this, it looks as if the program is allowed to be there viewing your activity. For instance, when a user logs onto a banking site, there is typically a lock icon showing that the connection is secure and private. However, Superfish is able to view this data.

Lenovo admitted that the adware comes preinstalled on some products in January. A forum administrator stated “Superfish comes with Lenovo consumer products only and is a technology that helps users find and discover products visually. The technology instantly analyzes images on the web and presents identical and similar product offers that may have lower prices,” In other words, Superfish infiltrates user data for advertising purposes.

In addition to unwanted ads, Superfish causes a number of more serious problems. “Superfish is essentially cracking open secure connections and using its own fake certification to trick HTTPS connections, including Google, Facebook and any number of other sites that use the now-common security measure. That means that if the private key certificate is compromised, all Lenovo machines with Superfish installed could be at risk.” Mashable says.

Read more at:

This entry was posted in Defective Products, Legal News and tagged , , , , , , . Bookmark the permalink.

© 2005-2019 Parker Waichman LLP ®. All Rights Reserved.