Wednesday, September 26, 2018
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Apple Said to Shaves Cost from Displays in iPhones
GLOBALFOUNDRIES Delivering 8SW RF SOI Client Chips on 300mm Platform, Enhanced 14/12nm FinFET offerings
Qualcomm Says Apple Gave Modem Secrets to Intel
Firefox Monitor Will Help You Take Control After a Data Breach
Intel Adds to Portfolio of FPGA Programmable Acceleration Cards
Fujifilm Develops Projector Featuring High-performance FUJINON Lens
Leica S3 Comes With 64 megapixel Medium-format Sensor
Fujifilm Announce the GFX 50R Medium-format Mirrorless Camera, Teases With 100-megapixel GFX 100
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > PC Parts > Lenovo ...
Last 7 Days News : SU MO TU WE TH FR SA All News

Tuesday, September 05, 2017
Lenovo Settles FTC Charges it Harmed Consumers With Preinstalled Adware on its Laptops


Lenovo Inc. has agreed to settle charges by the Federal Trade Commission and 32 State Attorneys General that the company harmed consumers by pre-loading software on some laptops that compromised security protections in order to deliver ads to consumers.

In its complaint, the FTC charged that beginning in August 2014 Lenovo began selling consumer laptops in the United States that came with a preinstalled "man-in-the-middle" software program called VisualDiscovery that interfered with how a user's browser interacted with websites and created serious security vulnerabilities.

"Lenovo compromised consumers' privacy when it preloaded software that could access consumers' sensitive information without adequate notice or consent to its use," said Acting FTC Chairman Maureen K. Ohlhausen. "This conduct is even more serious because the software compromised online security protections that consumers rely on."

VisualDiscovery software, developed by a company called Superfish, Inc., was installed on hundreds of thousands of Lenovo laptops. It delivered pop-up ads from the company's retail partners whenever a user's cursor hovered over a similar looking product on a website.

To deliver its ads, VisualDiscovery acted as a "man-in-the-middle" between consumers' browsers and the websites they visited, even those websites that were encrypted. Without the consumer's knowledge or consent, this technique allowed VisualDiscovery to access all of a consumer's sensitive personal information transmitted over the Internet, including login credentials, Social Security numbers, medical information, and financial and payment information. While VisualDiscovery collected and transmitted to Superfish's servers more limited information, such as the websites the user browsed and the consumer's IP address, Superfish had the ability to collect more information.

The complaint also alleges that VisualDiscovery used an insecure method to replace digital certificates for those websites with its own VisualDiscovery-signed certificates. Digital certificates are used to signal to a user's browser that the encrypted websites visited by a consumer are authentic and not imposters. VisualDiscovery, however, did not adequately verify that the websites' digital certificates were valid before replacing them, and used the same, easy-to-crack password on all affected laptops rather than using unique passwords for each laptop.

Because of these security vulnerabilities, consumers' browsers could not warn users when they visited potentially spoofed or malicious websites with invalid digital certificates. The vulnerabilities also enabled potential attackers to intercept consumers' electronic communications with any website, including financial institutions and medical providers, by simply cracking the pre-installed password. The complaint alleges that Lenovo did not discover these security vulnerabilities because it failed to assess and address security risks created by third-party software it preloaded on its laptops.

As part of the settlement with the FTC, Lenovo is prohibited from misrepresenting any features of software preloaded on laptops that will inject advertising into consumers' Internet browsing sessions or transmit sensitive consumer information to third parties. The company must also get consumers' affirmative consent before pre-installing this type of software. In addition, the company is required for 20 years to implement a comprehensive software security program for most consumer software preloaded on its laptops. The security program will also be subject to third-party audits.



Previous
Next
Nissan Leaf Got Upgraded to Compete With Tesla's Models        All News        Western Digital Could Quit Bid for Toshiba Chip Unit, for Better JV Terms
Logitech MX ERGO Trackball Promises Comfort And Precision Tracking     PC Parts News      Micron Sold the Lexar Brand to Longsys

Get RSS feed Easy Print E-Mail this Message

Related News
Lenovo Introduces new Premium Yoga Laptops and ThinkPad X1 Extreme, Delivers Upgraded GPUs to Lenovo Legion Gaming PCs
E3: Updated Lenovo Legion Gaming PCs are Stylish and Savage
Lenovo's PC Sales Shows Signs of Life, Although Smartphones Sales Remain Low
Lenovo Unveils New moto g6 and moto e5 Smartphones
Lenovo Debuts Ruggedized Chromebook Trio and New Lenovo Yoga 730 and 530 ab MWC
Lenovo Recalls the ThinkPad X1 Carbon 5th Gen Laptop
Lenovo's PC and Smart Device Businesses Grow, But Mobile Turnaround Target Missed
CES 2018: New Lenovo Miix 630 2-in-1 Detachable, ThinkPad X1 Series and Lenovo Smart Display With Google Assistant
Lenovo Introduces 2018 ThinkPad Portfolio
Lenovo to Buy Fujitsu PC Unit Stake
Lenovo Could Take Over Fujitsu's PC Unit
IFA 2017: Lenovo Announces Windows Mixed Reality Headset and new 2-in-1 laptops

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2018 - All rights reserved -
Privacy policy - Contact Us .