Lenovo Computers and SuperFish Adware Create Security Nightmare
Cohen & Malad, LLP attorneys are investigating legal claims against computer manufacturer Lenovo and advertising company Superfish based on a recently announced critical security flaw.
On February 20, 2015, the U.S. Department of Homeland Security issued an official Alert advising consumers that since at least September 2014 computer manufacturer Lenovo has been selling Notebook computers with pre-installed SuperFish VisualDiscovery spyware that allows attackers to secretly observe users’ internet use, including communications like banking, emails, and instant messaging that are supposed to be confidential.
SuperFish eavesdrops on users’ internet activity, collects personal information and uploads it to its own servers, then injects targeted advertising and popups in legitimate Internet pages. SuperFish does this by replacing legitimate Internet site security certificates with a single certificate of its own (a “a self-signed root HTTPS certificate”), effectively breaking what are supposed to be secure Internet connections and leaving the affected Lenovo Notebooks vulnerable to attackers impersonating banks, credit card companies, merchants and other internet sites that are expected to be secure. Internet security researchers have described this security hole created by the SuperFish adware installed on Lenovo Notebooks as “critical” and potentially “catastrophic.”
According to Lenovo itself, the SuperFish software creates a “high” severity security threat, and may have been pre-installed on the following Lenovo Notebook models shipped between September 2014 and January 2015:
- E-Series: E10-30
- Flex-Series: Flex2 14, Flex2 15, Flex2 14D, Flex2 15D, Flex2 Pro, Flex 10
- G-Series: G410, G510, G710, G40-30, G40-45, G40-70, G40-80, G50-50, G50-45, G50-70, G50-80, G50-80Touch
- Miix-Series: Miix2 – 8, Miix2 – 10, Miix2 – 11, Miix 3 – 1030
- S-Series: S310, S410, S415, S415 Touch, S435, S20-30, S20-30 Touch, S40-70
- U-Series: U330P, U430P, U330 Touch, U430 Touch, U540 Touch
- Y-Series: Y430P, Y40-70, Y40-80, Y50-70, Y70-70
- Yoga-Series: Yoga2-11, Yoga2-13, Yoga2Pro-13, Yoga3 Pro
- Z-Series: Z40-70, Z40-75, Z50-70, Z50-75, Z70-80
If you purchased a Lenovo Notebook with pre-installed SuperFish software we would welcome the opportunity to talk to you about your rights and the possibility of pursuing a claim. Please contact us at 317-636-6481 or using the web contact form on this page.