Lenovo Inc agreed to pay US$3.5million and make changes in selling laptops. To overcome the accusations in sold devices with pre-loaded software that dishonor users security protections.
US authorities imposed penalties for releasing and selling laptops vulnerable to hacking, according to a press release by the US Federal Trade Commission (FTC).
The software, called Visual Discovery, was installed on hundreds of thousands of laptops beginning in August 2014 to deliver pop-up advertisements. Moreover, the software blocked browsers from warning users trying to access malicious websites. Visual Discovery used a pop-up that introduced Super fish first time that a user visited an e-commerce website.
Although, after several months discovered bug and named Superfish. At last, the discovery prompted the FTC to pursue a case against Lenovo
Hackers were able to manipulate the software’s certificate, and able to access encrypted communications on HTTPS. HTTPS is the internet protocol facilitating the communications between one’s computer and a website. However, Visual Discovery software gave hackers a way to avoid HTTPS protection, leaving users vulnerable.
The Man-in-the-Middle technique allowed Visual Discovery to access all of a consumer’s sensitive personal information transmitted over the Internet. Including login credentials, Social Security numbers, medical information, and financial and payment information.
Meanwhile, the US versions of Lenovo laptops in 2014 and 2015 list of models with Superfish: E-Series, Edge Series, Flex-Series, G-Series, Miix Series, S-Series,U-Series, Y-Series, Yoga Series, and Z-Series.
Finally, the FTC punished Lenovo by prohibiting the company from installing adware without the user’s public consent. In addition, US agency implemented a comprehensive security program for reloaded software subject to audits for the next 20 years.