FTC chairman Maureen Ohlhausen told News Tuesday while a teleconference that unusual 750,000 Lenovo laptops sold in August 2014 and June 2015 arrived pre-installed with a program called visual discovery, made by the Palo Alto, California-based firm SuperFish. The application would act as a “man-in-the-middle” within a consumer’s browser and the website people visited.
“Imagine the online equivalent of someone, externally your knowledge, hindering your mail, opening it, reading it, resealing it and placing it back in your mailbox,” Ohlhausen said. “That’s what we claim the software did.”
If you’re interested how Visual Discovery scraped user data to obtain money, Security Firms offers this great example: “If you’re watching at an ad for a chest of drawers, Superfish, going by the model on its own website, can help you obtain a matching sideboard (credenza).” The software would then “keep its eye out for similar sites, all based on models instead of relying on old-fashioned keywords.”
It would also hold its eyes on consumer’s individual info, like log-in creds, Social Security numbers, bank account data, medical information, and emails, researchers learned. And if you went to a “spoofed” website, i.e., one that seemed like a furniture store but was especially data-capturing one, you’d be up a spring.
How did this mess, exactly? Superfish is a third-party merchant, and while Ohlhausen didn’t say that Lenovo was ignorant this software was spying on users, she did call on machines-makers to be careful about partnering up with entrepreneurs that might not have the best purposes.
“Everybody in the chain wants to pay attention,” she said. “This appeared to be one of the world’s biggest computer manufacturers and I think it sends an essential message: If you are going to install these sorts of software, you need to pay regard to what it’s collecting, what you’re saying consumers and the kinds of risks that it might be creating.”
Affected Lenovo models carry many in its affordable range the below half of its range according to the possible criticism that Superfish was targeting low-revenue or young consumers. Included brands were the E-Series, Edge Series, Flex-Series, G-Series, Miix Series, S-Series, U-Series, Y-Series, Yoga Series, and Z-Series.
Take your time to comment on this article.
Latest posts by Harikrishna Mekala (see all)
- A Serious Security Flaw Found in LibSSH - October 19, 2018
- Flaws in Branch.io Affected Over 685 Million Users - October 17, 2018
- Microsoft Store Has Been Hosting an Ad Clicker Disguised as a Google Photos App - October 16, 2018