Lenovo, the world’s No. 1 PC manufacturer, is taking a huge public relations hit today around the world after news surfaced that its laptops come pre-loaded with adware that some experts say pose a privacy and security threat. In a statement issued after the news broke,
Gizmodo says Lenovo could steal your private data.
The U.K. Guardian is warning that the software is capable of “fatally compromising user security.”
Charges Business Insider: “Lenovo has been selling laptops that come loaded with ‘malware.'”
So how big an issue is this for Lenovo, which operates its global executive headquarters in Morrisville?
Since Lenovo was based in China and maintains most of its operations there, the malware/adware question is triggering discussion about Lenovo being a “Chinese company.” China-based firms have long been accused of spying. Lenovo, however, operates globally and its stock is traded internationally.
- Lenovo had defended software; customers aren’t buying it
Says Forbes: “Lenovo might have made one of the biggest mistakes in its history.”
“Lenovo’s bundled adware also comes with a worrying security hole,” reports NextWeb.
Web sites are reporting customer outrage and dire warnings from experts about a “security hole.”
TechCrunch declares that Lenovo has a big problem.
“Lenovo is in hot water today after a significant security hole was unearthed, potentially affect its entire consumer PC range,” the tech news site reports.
“Superfish, an adware program that ships with all consumer PCs from Lenovo, uses a man-in-the-middle certificate to inject ads “
Superfish is from a company by the same name which is based in Israel and California. It recently was cited as one of the world’s most promising tech companies by Forbes.
Erra Security CEO Robert Graham told Reuters that Superfish is “malicious software,” it can take over encrypted connections and open the way for hackers. Once hacked, consumers are vulnerable to so-called “man-in-the-middle” attacks with hackers spying on connections.
“This hurts (Lenovo’s) reputation,” Reuters quoted Graham as saying. “It demonstrates the deep flaw that the company neither knows nor cares what it bundles on their laptops.”
Lenovo has yet to comment on the controversy, which exploded overnight. However, several stories noted that Lenovo has been dealing with consumer complaints for nearly a month and that Snapfish has been “temporarily removed.”
A search of Lenovo’s website for Snapfish produced no results.
Owen Williams, writing at NextWeb, is outraged.
“The software, named Superfish, was pre-installed by Lenovo on some consumer computers. The software injects unwanted advertising into users’ browsers in search results and on third-party websites,” Webb writes.
“This on its own is a big problem, but it’s emerged over the last few hours that the very same software self-installs a highly privileged security certificate that could allow the software — or other malicious attackers — to snoop on secure connections.”
Webb says there is “simply no reason for Superfish — or anyone else — to install a root certificate in this manner.”
Root certificates are key to security. Notes Wikipedia: “In cryptography and computer security, a root certificate is either an unsigned public key certificate or a self-signed certificate that identifies the Root Certificate Authority (CA).[ A root certificate is part of a public key infrastructure scheme.”
Headlines Illustrate Scale of Controversy
Here’s a look at some of the headlines and story summaries that reflect the scale of the problem Lenovo now faces:
- New Lenovo PCs shipped with factory-installed adware
Buy a new Lenovo computer recently? Well, it looks like it could be infected with some factory-installed adware. Users on the official Lenovo forums started noticing that search results were being injected with sponsored links (like what happens when a …
- Lenovo accused of pushing Superfish self-signed MITM proxy
Lenovo has been pilloried by a number of security experts for shipping software in its consumer Windows devices that not only injects advertising into search engine results, but also has the capability to intercept and hijack SSL/TLS connections to websites, …
- Lenovo PCs Shipping With Adware That Poses Serious Security Threat
Lenovo is in hot water today after a significant security hole was unearthed, potentially affect its entire consumer PC range. Superfish, an adware program that ships with all consumer PCs from Lenovo, uses a man-in-the-middle certificate to inject ads into …
- Lenovo has been silently installing adware on PCs for some time
Chinese computer producer Lenovo is facing a PR crisis after it was found to be installing adware, known as Superfish, in the factory to be sold on to consumers activating at first launch. The annoying adware has been found to come as a factory installation …
- Lenovo accused of compromising user security by installing adware on new PCs
Lenovo, the largest PC manufacturer in world, has been accused of fatally compromising user security by installing an adware application on all its Windows computers as they leave the factory. The software, called Superfish, purports to offer users a “visual …
- Lenovo Installs Adware on New Computers That Could Steal Private Data
Oh no, Lenovo. Users are reporting on the company’s forums that its computers are coming installed with adware straight out of the box—that can monitor secure connections. According to a number of Lenovo users, the software called Superfish is installed on …
- Lenovo Installing Adware in Consumer PCs, Report Users
Lenovo as per user reports is shipping adware, or software that spams users with ads, in its consumer PCs. The software is said to be spamming third-party ads via pop-ups on Google searches and websites without the user’s permission. According to various …
- Lenovo accused of installing ad-ware on laptops
Lenovo’s consumers laptops, which means the laptops that people buy in retail shops, come with a program called Superfish installed on them. Users are now reporting that this Superfish program not only injects advertisements in a web page but also steals …
- ‘Lenovo installing adware on laptops’
According to The Next Web, the adware activates itself when users start up the laptops for the first time – so what does it do then? The adware injects third-party ads onto websites and Google searches, although it seems that Google Chrome and Internet …
- How Lenovo’s Superfish ‘Malware’ Works And What You Can Do To Kill It
Lenovo might have made one of the biggest mistakes in its history. By pre-installing software called ‘Superfish Superfish’ to get ads on screens it’s peeved the entire privacy community, which has been aghast this morning on Twitter Twitter. There are …
- New Lenovo computers install dangerous malware that could allow hackers to …
New Lenovo computers came shipped with software that forced ads onto the users and could have left them vulnerable to hacking. The adware, known as “Superfish”, was made to push new third-party results into internet browsers — similar to the ads seen …