Since the media coverage of the revelations around the Superfish adware pre-installed in Lenovo laptops, the Chinese manufacturer is trying to catch up. The big concern is the security vulnerability discovered in this adware.
Admittedly, a user had to accept a license agreement when launching their browser for the first time, but the unsuspected danger potential of Superfish is a game-changer. In the United States, Hattis Law is trying to mount a class action against Lenovo.
Class actions are the specialty of this company. At the end of 2013, it had already obtained an amicable agreement from Lenovo in a case where Californian consumers had criticized the posting on its website of false discounts because in connection with old prices on computers. Upon request, the complainants were able to obtain $ 50.
This time, Hattis Law is launching a class action accusing Lenovo of having sold " millions of laptops "since September 2014 with a" dangerous malware "pre-installed:
"Security researchers have identified Superfish as highly dangerous malware that makes the computer vulnerable to hackers. The software hijacks encrypted sessions in web browsers by allowing man-in-the-middle attacks through which attackers can easily certify attacks. HTTPS sites posing as legitimate sites. "
The US-CERT has published a vulnerability note in order to indicate that an attacker can intercept and spy on HTTPS traffic without triggering the browser alert concerning an electronic certificate. For the flaw itself, the culprit is Komodia with Komodia Redirector and SSL Digestor technology making HTTPS sessions vulnerable.
Citing a complaint filed in the United States by a woman named Jessica Bennett, who had acquired a Yoga 2, PCWorld (IDG News Service) reports that she accuses Lenovo and Superfish of having violated her private life and made money by studying your Internet browsing habits. It is the behavior of the Superfish adware that is pointed out, but it also brings up the case of the security vulnerability.