[ad_1]
As a reminder, since September 2014, Lenovo had started delivering VisualDiscovery adware with its consumer PCs. the adware is developed by a company called Superfish. And the adware only served to improve the experience of the users. Indeed, in addition to injecting unwanted advertisements in the web pages visits by the users without their consent, VisualDiscovery could have favored the attacks of the man of the middle, thus allowing a third to intercept the navigation data of the users . In addition, the program used an autosign certificate that allowed it to run even during secure connections and spy on user digits. This certificate was more likely to be exploited by another malicious program, after the adware was deleted by the user.
In the face of the wind of polemics that had created the application, Lenovo had apologized to customers open, and quickly published a tool to automatically remove the application. It should be noted that a simple uninstallation of the application did not remove the root certificate install. In addition, the manufacturer worked with the dantivirus publishers so that their solution could erase VisualDiscovery. In addition, the firm has decided to offer users affected by VisualDiscovery a free six-month subscription to the McAfee LiveSafe service, or a six-month extension for existing subscribers. But, Lenovo's efforts do not stop there. The Chinese manufacturer had thought it was time to completely review its third-party application mechanism in its pre-market products.
In 2017, the Federal Trade Commission (FTC) had announced that it had found an arrangement with Lenovo on three offenses the privacy of customers. In its complaint, the FTC assured that since August 2014, Lenovo has started selling laptops in the United States that shipped a prinstall software type man-in-the-middle call VisualDiscovery. Lenovo compromised consumer confidentiality when it preloaded software that could access sensitive consumer information without proper notice or consent to its use, said Maureen K. Ohlhausen, president of the FTC. This behavior is even more serious because the software has compromised the online security protections to which consumers rely, he said.
Lenovo signed an agreement to pay US $ 7.3 million to customers who found that the pre-installed advertising software on their devices was putting their lives on the line. On November 21st, the US District Court for the Northern District of California agreed to the transaction. In 2015, Lenovo maintained the position that it did not agree with the charges against it and that it was also unaware of the third-party exploitation of the application. In addition, the company said it had already stopped selling the software in 2015. Although Lenovo does not accept the allegations contained in these complaints, we are happy to close this case two and a half years later. To date, we are not aware of any actual instance exploiting these vulnerabilities by a third party to access a user's communications, reads Lenovo's statement.
Remember that in 2017, under the regulation with the FTC, Lenovo is prohibited from misrepresenting all the features, software preloaded on laptops that inject advertising during consumers' Internet browsing sessions or transmit sensitive information from consumers. third. The company must also obtain the consent of consumers before installing this type of software. In addition, over a period of 20 years, the company will have to implement a comprehensive software security program for most consumer software prchargs on its laptops. The security program will also be subject to verification by third parties.
The mobile equivalent of the adware is called LikeThat and is available for iOS and Android platforms on their respective online storefronts. The App (LikeThat Dcor and Furniture) is designed to help users shop for furniture by simply taking a picture of what they want; the photo will then be uploaded to the Superfish servers and similar visual results from thousands of vendors will be displayed in the results column. There is also another application called LikeThat Garden, specific to the flowers in your garden or even LikeThat Pets: Adopt a pet.
Source: Court statement
And you ?
What do you think ?
See as well
Superfish: Lenovo excuses and announces concrete plan to save image
Lenovo installs on its computers an adware that presents security risks
Lenovo and FTC Find Common Ground for Superfish Prinstall Adware Scandal on Laptops
Superfish: Lenovo promises cleaner, safer PCs without adware and bloatware
[ad_2]
Source link
