Lenovo Reaches $7.3 Million Settlement after Superfish Adware Debacle

Nearly four years ago, Lenovo made headlines over a pre-installed adware debacle. Back in 2015, the computer manufacturer was caught installing the Superfish Visual Discovery comparison-search engine software by default on its consumer laptops.




Shortly after that revelation, security experts warned that the Superfish application was not only adware, but also put encrypted traffic at risk of being intercepted by attackers.

More about the Superfish Adware App

The main purpose of Superfish was to inject advertisements in the web pages visited by users, presenting them with alternative shopping results for different products they have searched for, using only the image of the item.

Both Lenovo and Microsoft have taken action to remove from Windows the root certificate installed by the highly criticized Superfish application.

Although the application code itself was not considered malicious, it featured a transparent man-in-the-middle service which was based on the SSL Digestor engine. The latter generates root CA certificates and private keys that are not unique.
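
The following is an added example, not part of the original article or of any vendor tooling: a fleet audit that flags a trusted root outside the baseline when the identical certificate appears on several machines, which is the non-unique root CA condition described above. The hostnames, subjects, fingerprints and baseline set are constructed placeholders, and `audit_roots` is a hypothetical helper name.

```python
from collections import defaultdict

# Constructed inventory rows: (host, certificate subject, SHA-256 fingerprint).
# Every hostname, subject and fingerprint here is a made-up placeholder.
INVENTORY = [
    ("laptop-01", "CN=Example Public Root", "FP-PUBLIC-ROOT"),
    ("laptop-02", "CN=Example Public Root", "FP-PUBLIC-ROOT"),
    ("laptop-03", "CN=Example Public Root", "FP-PUBLIC-ROOT"),
    ("laptop-01", "CN=Bundled Interception Root", "FP-BUNDLED"),
    ("laptop-02", "CN=Bundled Interception Root", "fp-bundled"),
    ("laptop-03", "CN=Bundled Interception Root", "FP-BUNDLED"),
    ("laptop-01", "CN=Local Proxy Root", "FP-LOCAL-A"),
    ("laptop-02", "CN=Local Proxy Root", "FP-LOCAL-B"),
]
# Assumed allowlist: fingerprints of roots the OS vendor or your own PKI ships.
BASELINE = {"FP-PUBLIC-ROOT"}


def audit_roots(inventory, baseline, min_hosts=2):
    """Report trusted roots outside the baseline.

    A non-baseline root with the same fingerprint on several hosts is the same
    certificate everywhere, so one private key signs for all of them.
    """
    allowed = {fp.lower() for fp in baseline}
    hosts_by_fp = defaultdict(set)
    subject_by_fp = {}
    for host, subject, fp in inventory:
        fp = fp.strip().lower()  # tools differ in fingerprint case
        if fp in allowed:
            continue
        hosts_by_fp[fp].add(host)
        subject_by_fp.setdefault(fp, subject)

    findings = [
        {
            "fingerprint": fp,
            "subject": subject_by_fp[fp],
            "hosts": sorted(hosts),
            "kind": "shared-key" if len(hosts) >= min_hosts else "per-host",
        }
        for fp, hosts in hosts_by_fp.items()
    ]
    # Shared roots first, widest spread first, then fingerprint for stable output.
    findings.sort(key=lambda f: (f["kind"] != "shared-key", -len(f["hosts"]), f["fingerprint"]))
    return findings


if __name__ == "__main__":
    for finding in audit_roots(INVENTORY, BASELINE):
        print(finding["kind"], finding["subject"], finding["hosts"])
```

Roots reported as per-host still deserve review, but a shared-key finding means compromise of one installation's key affects every listed machine.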

Lenovo Reaches Settlement Agreement of $7.3 Million

Four years later, Lenovo has reached a settlement agreement with consumers who purchased an affected model, Bloomberg Law recently reported. Lenovo Group Ltd. can now move ahead with a $7.3 million settlement to end a class action alleging that its ad software exposed customer laptops to performance, privacy, and security problems, Bloomberg said.

The U.S. District Court for the Northern District of California granted initial approval of the settlement Nov. 21, four months after Lenovo and the consumer class filed with the court to end the spyware action. The SuperFish software, which Lenovo began installing in 2014, could access customer Social Security numbers, financial data, and sensitive health information, the court said.

Lenovo’s pre-installed adware/spyware case is a reminder of the fragile state of consumers’ privacy and security. It raises security concerns about device manufacturers and their undeniable attempts to capture users’ data without first informing them about these practices. And as it turns out, companies that act without proper notice and consent can face costly regulatory enforcement actions.


Court documents reveal that Lenovo installed Superfish on 28 laptop models, all of them sold in the U.S. in the period between Sept. 1, 2014 and Feb. 28, 2015.

Lenovo is set to pay $7.3 million to the settlement fund, and SuperFish will kick in another $1 million from a prior deal with consumers over the spyware issue. None of the funds will revert back to Lenovo or SuperFish and instead will go to “all persons who purchased a Lenovo computer in the United States on which VisualDiscovery was installed by Lenovo,” U.S. Judge Haywood S. Gilliam, Jr. wrote Nov. 21, Bloomberg said.

Milena Dimitrova
