Lenovo PCs Ship with Malicious Adware, Could Steal User Data

The worldEUs largest PC maker, Lenovo, is in the international hot seat for shipping laptops pre-installed with a virus-like software that puts customers in the line of hacker fire, according to one security researcher.

Since June, Lenovo customers have been reporting a program called Superfish, software that automatically displays advertisements in the name of helping consumers find products online, said Robert Graham, CEO of security research firm Errata Security.

Superfish is designed to intercept all encrypted connections and leaves the door open for NSA-style spies to hack into PCs through man-in-the-middle attacks, he said.

EUThe company claims it's providing a useful service, helping users do price comparisons. This is false. It's really adware,EU Graham wrote in a blog post. EUThey don't even offer the software for download from their own Web site. It's hard Googling for the software if you want a copy because your search results will be filled with help on removing it. The majority of companies that track adware label this as adware.EU

What Does Superfish Really Do?

Lenovo acknowledged the problem and said it has removed Superfish from its consumer PCs EUuntil such time as Superfish is able to provide a software build that addresses these issues." Lenovo also requested Superfish auto-update a fix that addresses these issues. Superfish could not immediately be reached for comment.

EUTo be clear, Superfish comes with Lenovo consumer products only and is a technology that helps users find and discover products visually,EU Lenovo said in its forum. EUThe technology instantly analyzes images on the Web and presents identical and similar product offers that may have lower prices, helping users search for images without knowing exactly what an item is called or how to describe it in a typical text-based search engine.EU

The PC maker described, in great detail, the functionality of Superfish to assure customers that itEUs...

Comments are closed.