Lenovo agrees to pay a fine of $3.5 million for spying on its laptop users

Chinese Computing giant Lenovo has agreed to pay $3.5 million as fine for selling devices which were preloaded with software that compromised user’s security protections and also launched espionage related activities.

An agreement on this note was made by officials of Lenovo and Connecticut, the Federal Trade Commission, and 31 other states on Tuesday after a 2 and half year legal dispute.

According to Daily Mail, the software in question is Visual Discovery (VD), which appears to have infected Lenovo’s Google Chrome and Explorer browsers sold between August 2014 and January 2015.

Technically, the purpose of Visual Discovery offered by the software firm Superfish is to deliver pop up advertisements. It first analyzes what users are interested in buying based on their browser activity and then presents them with similar and cheaper products which are mostly manufactured by Chinese firms.

FTC claims in its lawsuit that Lenovo’s Visual Discover, in reality, serves intrusive ads and compromises private info such as bank details and passwords. The lawsuit also specifies that all Lenovo laptops sold between September 2014 to January 2015 were pre-loaded with the spying software which acted as an agent between users’ browser and sites.

The FTC complaint alleges that VD also replaced digital certificates of some websites with its own certificates to make the web transaction look legitimate. Thus, due to this behavior, the software blocked browsers from warning users when they tried to access malicious websites.

Users started to complain about the activity since late September 2014 for which FTC reacted by initiating a probe.
It was later discovered in the probe that the software used to track consumer info including social security numbers, login credentials, medical info and financial info which includes payment info.

Thus, it was proved that Lenovo compromised consumer’s privacy with its preloaded software on its new laptops.

As soon as the legal battle intensified in 2016, Lenovo issued a statement that it stopped selling the laptops loaded with preloaded VD software since March 2015.

Though it tried its best to fight in court, eventually, the officials of Lenovo decided to halt the legal proceedings and settle it amicably outside the court with FTC.

And as a result of this agreement, Lenovo has agreed to pay the fine of $3.5 million for causing privacy concerns to users using its laptops in the United States.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display