[ad_1]
Three years ago, hardware manufacturer Lenovo was hit by adware on its peripherals, which compromised user security software. The company is now paying $ 7.3 million to clbad members (PDF) for violating their privacy. This is reported by the Hackread computer security blog. This affects 750,000 laptops from the manufacturer.
Job market
The application in question was developed by Superfish and allowed "man-in-the-bag" type attacks via poor software design, even though other security software was installed on users' devices.
"Although Lenovo disapproves of these accusations, we are relieved to close the case two and a half years later, and today we are not aware of any incidents where a third party exploited the vulnerabilities. and accessed user communications. "says Lenovo in a statement about the case. It looks like the manufacturer still does not know that he has made a mistake. This was already the case at the beginning of the 2015 process.
Already paid a fine once
In 2017, the company has already been fined $ 3.5 million – for the same reason. At that time, it was also determined that Lenovo had to meet strict conditions for 20 years.
The Chinese company is not the only candidate to install unsecured software on the customer's devices. In addition, the US supplier Dell had a very similar problem. Here, attackers could very easily obtain the private key of the root certificate from users. The group apologized for the incident and released an update to the Dell Foundation Services software concerned.
Source link