Preloaded spyware, courtesy Lenovo

It seems that Lenovo has been preloading their consumer-grade laptops with ad-injecting spyware.

Even worse, this particular spyware installs its own root certificate and serves fake certificates on the fly.

You can read more about it here.

Could it be that it is the Chinese equivalent of the NSA intercepting them on export and adding it, then sending 'em on the

I hope that this behavior is found to be against some anti-hacking laws somewhere and that Lenovo can be hit with something more damaging than bad press. Certainly, a MITM attack breaching secure banking sites must be against the law?

The article contained some nice links:

* Lenovo installs adware on customer laptops and compromises ALL SSL. -> Has sections "HOW TO CHECK IF YOU ARE AFFECTED" and "WHAT TO DO IF YOU ARE AFFECTED" near the end of the article (before the comments section)
* Errata Security: Some notes on SuperFish -> Had clear timing info: "It's been going on since at least June 2014"
* What You Need to Know About Superfish, The Man-in-the-Middle Adware Installed on Lenovo PCs

I feel personally aggrieved in this matter.  I bought a Lenovo Miix 2-8 nearly a year ago (before they began loading Superfish) and was pleasantly surprised at how well it runs Windows. But the screen is too small and low-res to use for any real work, so I was about to buy a Lenovo Yoga 2 10 inch Windows tablet. Needless to say, I will look elsewhere and expect to never purchase a Lenovo product again.

It’s pretty clear from their statements that the folk at Lenovo don’t think that they did anything wrong, just that they “messed up” and got caught.  The only way to teach people like this is to hit them where it hurts, in the pocketbook.

I generally detest lawyers who file class action lawsuits, but I would suspect that Lenovo is going to face a bunch of them and this is one situation where I hope the predators get their pound of flesh.


