Posted in: Desktop software

Lenovo dragged to court over Superfish security flaw

Just days after Lenovo admitted that the Superfish software, which comes pre-installed on some of its consumer laptops, could leave systems vulnerable to a man-in-the-middle (MITM) attack, it has been slapped with a class-action lawsuit.

Filed by Jessica Bennett, whose laptop was damaged due to what she termed a “spyware”, the lawsuit charges both Lenovo and Superfish with fraudulent business practices, breaching users’ privacy, and tracking their Internet browsing habits.

For those who aren’t in the know, Superfish is a software which Lenovo claims enhances users’ shopping experience by displaying extra advertisements while they’re browsing a website, even if it uses HTTPS. Under the hood, the software installs its own root certificate on systems as a means to bypass the secure connections. It affects non-ThinkPad models such as G Series, U Series, Y Series, Z Series, S Series, Flex, Miix, Yoga, and E Series.

Lenovo has already released an Automatic Removal tool as well as a step-by-step guide to ensure complete removal of Superfish. The software can also be removed by using Microsoft’s Windows Defender and McAfee’s security applications.



Rules for posting