Chinese multinational, Lenovo is in troubled waters for sure over Superfish adware controversy. We broke the story of Lenovo machines being sold with pre-installed Superfish Adware for the period of September 2014 to January 2015. The company later clarified that it had removed Superfish completely and was working with Microsoft and McAfee to provide automated tools for removal of the adware. But it seems that all these efforts were a little too late and the company could well be in deep trouble.
In a latest development, the Attorney General George Jepsen has sent letters to executives at the computer technology company Lenovo Group Ltd. and the software company Superfish seeking information about software pre-installed on Lenovo personal computers. The AG Jepsen has asked both the companies to explain why such PC’s were sold to consumers that could potentially expose them to hackers.
The Superfish software was intended to track users’ Web searching and browsing activity in order to place additional ads on the sites they visit.
Lenovo and Superfish to reply to the inquiry
According to the U.S. Department of Homeland Security, Lenovo personal computers employing the pre-installed software contain a critical vulnerability through a compromised root CA certificate. Exploitation of that vulnerability could allow a hacker to read all encrypted Web browser traffic, impersonate or spoof any Web site or perform other attacks on the affected user’s computer.
AG Jepsen has asked both Lenovo and Superfish to provide information about the pre-installed software in 20 days. An investigation would be carried out to determine if Lenovo and Superfish have violated Connecticut’s laws that prohibits companies to carry out unfair and deceptive trade practices. AG Jepsen mentioned in its official note,
“It’s extremely concerning that, based on published reports, Lenovo installed this software – which appears to have no meaningful benefit to the consumer – on devices without the purchaser’s knowledge. It is bad enough that the company sold consumers computers pre-loaded with software designed to track their browsing without alerting them. Even more alarming is that the software reportedly has a significant security vulnerability, putting computer users at risk of hacking”.
Gerry P Smith, Executive Vice President, Lenovo and Adi Pinhas, CEO, Superfish have been asked to reply to the inquiry letters. You can read the Attorney General’s letters to Lenovo and Superfish here.