‘Spyware’ brings world of woes to Lenovo
Lenovo Group Ltd’s removal of pre-installed software that made its devices vulnerable to cybertheft was not enough to head off lawsuits from angry customers and ridicule from its largest competitor.
Although Lenovo announced about a week ago that it would pull the controversial third-party advertising program, called Superfish, from its laptops, the world’s largest personal computer maker may still need to explain how it fumbled the thorny issue of information security.
The Beijing-based PC giant is facing at least one class-action lawsuit in the United States because of Superfish, multiple sources have reported.
According to legal website Law360, the suit was filed with a US federal court in California on Feb 19. The plaintiffs accuse Lenovo of pre-installing “spyware” that allows remote monitoring of Internet activity.
The lawsuit was filed after Lenovo said that it would stop pre-loading Superfish on its products and offered uninstall services for devices that had already been sold.
As of Tuesday, Lenovo had not commented on the lawsuit.
The Superfish scandal gave Hewlett-Packard Co, the second-largest PC vendor, ammunition to criticize Lenovo.
HP’s official Twitter account bore a picture showing a piece of Salmon sashimi on top of a bowl of rice and a pair of chopsticks. The caption read: “The only thing you should have to think of when someone says Superfish.”
Peter Hortensius, chief technology officer of Lenovo, apologized for the Superfish scandal.
“Now, I want to start the process of keeping you up to date on how we are working to fix the problem and restore your faith in Lenovo,” Hortensius wrote in an official statement.
Superfish, developed by a Palo Alto, California-based visual search company, increases bandwidth and memory usage that cause computer slowdowns.
Weak information protection measures also makes devices carrying the software easier targets for hackers, security experts said.
“This problem is much bigger than we thought it was,” Marc Rogers, principal security researcher at CloudFlare Inc, said in his personal blog.
Many non-Lenovo comput- ers have used the webpage interception function that Superfish also used, meaning the security flaws lurk in more PCs than just those sold by Lenovo, according to Rogers.
For Lenovo, the software may have appeared on nearly 50 models of laptops, including its flagship Yoga series. The ThinkPad product line, which Lenovo acquired from IBM Corp about a decade ago, was not affected, according to the Chinese company.
“We will not include this Superfish software on any devices in the future,” it said.
It remains unclear how many Lenovo devices installed with Superfish have been sold.
Lenovo shipped 16 million PCs in the fourth quarter of last year, up 4.9 percent year-onyear. The company had a record 20 percent market share in the worldwide PC industry as of Dec 31, according to research firm International Data Corp.
PCs remain the biggest profit source for Lenovo, although the company has sought to diversify further into smartphones and enterprise server units. The PC and tablet sales of Lenovo hit $9.2 billion in the fourth quarter, representing more than 65 percent of its total quarterly revenue.