New Lenovo Computers Had “Superfish” Adware Pre-Installed Since September
If you bought a new Lenovo computer between this past September and January, you might have a problem. Today, news hit that adware called “Superfish” had been installed on Lenovo computers starting late last year, which has been now been revealed to pose a serious security threat to users.
The story first broke on The Next Web last night, which points the way back to posts on Lenovo’s forums that detail how Superfish relies on a “man-in-the-middle certificate” to show advertisements from third parties in users’ web browsers, specifically Chrome and Internet Explorer. That’s annoying and shady, but that isn’t even the worst part: because of the way it can provide third-party access to a user’s web browser – even through a secure connection – it can compromise a computer’s security and potentially grant access to a user’s data.
Needless to say, it’s not been a great day for Lenovo, as the story has spread throughout the Internet. A post on TechCrunch reports that Lenovo began installing the adware as far back as September 2014, but stopped in January, disabling the software “completely on the server-side,” apparently “rendering it inactive.”
So – why did they bother installing invasive adware on new computers in the first place? Lenovo spokesperson Brion Tingler explains:
“Superfish was previously included on some consumer notebook products shipped in a short window between September [Lenovo corrected from October, the month it originally claimed] and December to help customers potentially discover interesting products while shopping. However, user feedback was not positive, and we responded quickly and decisively.”
It’s not been a great few months as far as computer security is concerned, in general. There was the infamous iCloud hack from September, the monumental hack of Sony Pictures Entertainment in December, and then the big (and overblown) freak out over Samsung’s Smart TVs apparently listening in on users’ living room conversations.
The upshot? If you use a computer, mobile phone, or anything that connects to the Internet, just assume your data is already compromised. That should make things easier, right?
[Sources: The Next Web, TechCrunch]