Lenovo to be investigated over its use of Superfish software
Connecticut Attorney General George Jepsen's office just announced that it has launched an investigation into Lenovo's dealings with Superfish. The U.S. government very recently said that Superfish leaves users vulnerable to cyber attacks.
Lenovo began installing Superfish on its consumer PCs last September, believing it would provide users with more meaningful search results. In reality, however, Superfish hijacks a user's searches, takes that information, and injects ads from its partners. In the process of doing so, it destroys a computer's safeguard systems.
Security expert Marc Rogers explained that Superfish monitors users' activities, collects personal information, and uploads it to its own servers. He also said that Lenovo doing so is "unbelievably ignorant and reckless" and called this "quite possibly the single worst thing I have seen a manufacturer do to its customer base."
Robert Graham of Errata Security further elaborated that the problem is compounded by the fact that the Superfish software uses an easily cracked password. Worse still, the password is the same for all affected systems. What this means, Graham said, is that he could easily intercept encrypted communication of Superfish's victims at places where users share a Wi-Fi hotspot, like a cafe, for example.
More embarrassing still, it was recently revealed that Lenovo made only roughly US$250,000 from its deal with Superfish, a meager amount when you consider that Lenovo made over US$250 million in the last three months of 2014.
As for the investigation, a spokesperson from Lenovo has said that the company will cooperate fully with the Attorney General's office. In addition, Lenovo recently committed itself to removing bloatware from its systems.
As for users who are affected by Superfish, Lenovo has released a cleansing tool that removes Superfish from their systems. However, most experts recommend a complete and thorough system wipe followed by installing a clean vanilla version of Windows.
Source: LA Times, Computerworld, Forbes