Lenovo Secretly Installed Adware on Laptops, Exposing Users to Security Risks
News broke late last week that Lenovo secretly installed software that broke common Internet security protocols on a range of its laptops. The adware, called Superfish, hacks into web browsers, including Internet Explorer, Firefox, and Chrome, to install its own ads on web pages.
If that wasn't bad enough, in order to put those ads on secure websites, like online banking or your Gmail account, the software engineers what's called a "man in the middle" attack, essentially intercepting traffic between you and the websites you visit. The effect is to break a common Internet security protocol known as HTTPS, which ensures that communications with secure sites are encrypted. With HTTPS broken, hackers can use publicly available information to intercept all of your Internet traffic, including most importantly, usernames and passwords. Hackers could then use that login information to access your bank accounts, credit cards, email, shopping sites, and more—all without you ever knowing that your information was compromised.
Lenovo has now acknowledged the problem but in an Orwellian turn-of-phrase, claims that the adware was included on its machines "to help customers potentially discover interesting products while shopping." The company also claims its users had a choice, even though the software was installed by default and is extraordinarily complicated for any ordinary computer user to remove.
Affected computers were produced between September and December 2014 and include the following models:
- G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45
- U Series: U330P, U430P, U330Touch, U430Touch, U530Touch
- Y Series: Y430P, Y40-70, Y50-70
- Z Series: Z40-75, Z50-75, Z40-70, Z50-70
- S Series: S310, S410, S40-70, S415, S415Touch, S20-30, S20-30Touch
- Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 14(BTM), Flex2 15(BTM), Flex 10
- MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11
- YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11BTM, YOGA2-11HSW
- E Series: E10-30
To determine if your Lenovo laptop is affected, you can visit this secure website. If the test shows that Superfish is installed, your computer may be at risk, and you should contact us immediately (using the form at right) for information on how to remove the software and to discuss your legal rights. You should also take a screenshot of that page to save as evidence that your machine was affected.