Lenovo Group Ltd. unit was slapped with a putative class action in California federal court on Thursday claiming the company installed malicious software on the computers it sold that allows spying of Internet activity in violation of state and federal privacy laws. Lenovo admitted to pre-loading the Superfish adware on some consumer PCs and the unhappy customers are taking the company to the court.
A proposed class-action suit was filed against Lenovo and Superfish, which charges both companies with ‘fraudulent’ business practices and of making Lenovo PCs vulnerable to malware and malicious attacks by pre-loading the adware.
Plaintiff Jessica N.Bennett accuses Lenovo of pre-installing spyware software made by Superfish Inc., also named defendant in the class action, in new computers which resulted in computer slowdowns, increased bandwidth and memory usage, annoying pop-ups and interception of personal information. She also accused Lenovo and Superfish intruding her privacy and making money by studying her internet browsing habits.
The laptops affected by Superfish include non-ThinkPad models such as G Series, U Series, Y Series, Z Series, S Series, Flex, Miix, Yoga and E series. Lenovo has since issued fixes to remove and Superfish applications and certificates from PCs. Microsoft’s Windows Defender and McAfee’s security applications also remove Superfish since Friday.
Lenovo earlier admitted it messed up pre-loading Superfish on computers. The software plugs produce recommendations into search results, but can hijack connections and open major security holes, thus making computers vulnerable to malicious attacks.
The first complaint of Superfish on Lenovo laptops was lodged in September 2014, but it became a real serious issue when Marc Rogers, a hacker pointed it out in his blog.
Bennett, a blogger, bought a Yoga 2 laptop to conduct business and communicate with clients. When she noticed spam advertisements of scantily clothed women pop-up on her client’s website and other websites, she assumed her computer had spyware or had been hacked. She, then, searched the forums to notice similar behaviour on other Lenovo laptops and rooted out the problem to be Superfish, which could intercept secure communication and leave computers vulnerable.
According to the court document, Superfish also made use of memory resources and took up Internet bandwidth. Damages from Lenovo and Superfish are being sought as part of the lawsuit filed in the U.S District Court for the Southern District of California.
With regard to the lawsuit, Lenovo has released a statement: “We are working with McAfee and Microsoft to have the Superfish software and certificate quarantined or removed using their industry-leading tools and technologies. This action has already started and will automatically fix the vulnerability even for users who are not currently aware of the problem. While this issue in no way impacts our ThinkPads; any tablets, desktops or smartphones; or any enterprise server or storage device, we recognize that all Lenovo customers need to be informed. We apologize for causing these concerns among our users for any reason — and we are learning from experience and improve what we do and how we do it.”