Has this blog be of help to you?

Thursday, 19 February 2015

Lenovo rebuked for shipping laptops pre-loaded with adware


Lenovo installed software on its own laptops which left them more vulnerable to cyber attacks, experts have said
 Chinese computer maker Lenovo has come under fire from security experts after it allegedly shipped laptops with adware that hijacks secure website connections and inserts ads into search results.

The adware, known as Superfish, was pre-loaded onto "a select number" of Lenovo's consumer Windows devices, the company confirmed. The issue only came to light last June, when users began complaining in Lenovo's forums in September.
Some users claimed that the adware used fake, self-signed root certificates (which are used to verify that you are connecting to who you think you are) to intercept data over secure web connections and inject advertisements into sessions.

This kind of adware is widely regarded in the industry as a form of malware because of the way it interacts with a user's laptop or PC.

"A blatant man-in-the-middle attack malware breaking privacy laws," wrote one user on Lenovo's forum "I have requested return of the laptop and refund as I find it unbelievable that manufacturer as Lenovo would facilitate such applications pre-bundled with new laptops."


Lenovo said that Superfish was originally included on some consumer notebook products to help customers discover interesting products while shopping. However, user feedback was not positive, so it disabled the product and stopped preloading the software in January 2015.

"We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns. But we know that users reacted to this issue with concern, and so we have taken direct action to stop shipping any products with this software," the company said in a statement.

"We will continue to review what we do and how we do it in order to ensure we put our user needs, experience and priorities first."

It added that Superfish does not profile or monitor user behaviour, orrecord user information. Every session is independent and users are given a choice whether or not to use the product.

However, security expects said that the adware was tantamount to a virus, throwing open encrypted connections, paving the way for hackers to eavesdrop on communications.

"The way the Superfish functionality appears to work means that they must be intercepting traffic in order to insert the ads," said Eric Rand, a researcher at Brown Hat Security. "This amounts to a wiretap."

Ken Westin, senior security analyst at Tripwire, added: "If the findings are true and Lenovo is installing their own self-signed certificates, they have not only betrayed their customers’ trust, but also put them at increased risk."

Concerns about cybersecurity have dogged Chinese firms, including telecoms equipment maker Huawei over ties to China's government and smartphone maker Xiaomi over data privacy.

Lenovo commanded one-fifth of the global PC market in the third quarter of 2014, according to data research firm IDC.

1 comment:

Blogger said...

I have been using AVG protection for many years now, and I recommend this Anti virus to all of you.