Lenovo Gets £2.7m Fine For Pre-Loading Superfish Adware On PCs

Lenovo has been fined $3.5 million (£2.7m) and ordered to review its cybersecurity testing by US authorities after the Chinese PC manufacturer distributed the ‘harmful’ Superfish adware with its laptops.

The Chinese manufacturer started shipping laptops pre-installed with software called ‘VisualDiscovery’, built by a company called Superfish, back in September 2014.

VisualDiscovery delivered popup ads from Lenovo’s retail partners when a cursor hovered over a similar product, however to do this it collected personal information from web browsers without their knowledge or consent.

Lenovo Superfish

The programme only collected certain information such as IP addresses and website data, but was capable of accessing much more, such as payment details and social security numbers.

Furthermore, it used an insecure method of replacing digital certificates with its own and used the same password across all affected laptops

This posed a serious security risk as hackers could generate a key to the adware’s certificate, spoofing the users into thinking they’re safe on websites such as banks, all the while slurping up their information.

Loading ...

The Federal Trade Commission (FTC) has said Lenovo must gain permission for users for future adware and will have to test its software for security flaws for the next 20 years. This will be subject to third party audits.

“Consumers have a reasonable expectation that their personal information will be protected when they purchase a new personal computer,” said Connecticut Attorney General George Jepsen, who led the case with counterparts in Illinois, Pennsylvania and 29 other US states.

“In this case, Lenovo instead built software into devices that compromised consumer privacy and failed to make adequate disclosures to consumers that their personal information was being collected and transmitted to a third party. We appreciate Lenovo’s cooperation in bringing this matter to an appropriate resolution.”

Lenovo has previously publicly apologised for the incident and pledged that its Windows 10 laptops would be free of the software.

“Today it was announced that Lenovo has reached settlements with the Federal Trade Commission (FTC) and a coalition of thirty-two U.S. states to resolve their concerns related to the third-party ‘VisualDiscovery’ software that Lenovo pre-installed on certain consumer laptop products in late 2014 and early 2015,” said Lenovo.

“While Lenovo disagrees with allegations contained in these complaints, we are pleased to bring this matter to a close after 2-1/2 years.”

Do you know all about security in 2017? Try our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Spyware Maker NSO Group Found Liable In US Court

Landmark ruling finds NSO Group liable on hacking charges in US federal court, after Pegasus…

3 days ago

Microsoft Diversifying 365 Copilot Away From OpenAI

Microsoft reportedly adding internal and third-party AI models to enterprise 365 Copilot offering as it…

3 days ago

Albania Bans TikTok For One Year After Stabbing

Albania to ban access to TikTok for one year after schoolboy stabbed to death, as…

3 days ago

Foldable Shipments Slow In China Amidst Global Growth Pains

Shipments of foldable smartphones show dramatic slowdown in world's biggest smartphone market amidst broader growth…

3 days ago

Google Proposes Remedies After Antitrust Defeat

Google proposes modest remedies to restore search competition, while decrying government overreach and planning appeal

3 days ago

Sega Considers Starting Own Game Subscription Service

Sega 'evaluating' starting its own game subscription service, as on-demand business model makes headway in…

3 days ago