Lenovo has reached a settlement with the United States Federal Trade Commission (FTC), ending a two-and-a-half-year dispute over the company pre-installing problematic third-party adware in hundreds of thousands of laptops sold between late 2014 and early 2015.
The Chinese hardware manufacturer has agreed to obtain affirmative consent from consumers prior to installing adware programs in the future, as well as audited security checks of its software for the next 20 years.
In 2014, Lenovo was found to have shipped software, called Visual Discovery, in its consumer Windows devices that not only injects advertising into search engine results, but also has the capability to intercept and hijack traffic flowing over SSL and TLS connections -- often used by online retailers and banks to secure data -- thanks to the installation of a self-signing certificate authority on affected machines.
The vulnerabilities also enabled potential attackers to intercept consumers' electronic communications with any website, including financial institutions and medical providers, by simply cracking the pre-installed password," the FTC said in a statement.
Lenovo said on Tuesday that it already has introduced a policy to limit the amount of pre-installed software it loads on its products, and created security and privacy review processes -- actions that it said are consistent with the settlement.
- Lenovo's Superfish bloatware scandal reveals a sneaky tactic we thought ...PCWorld
- Lenovo settles with FTC over adware that exposed users to cyber attacksNewburgh Gazette
- Lenovo Settles Charges It Sold Laptops With Compromised User SecurityCourthouse News Service
- Tech firm to pay $3.5M in settlement over preloaded softwarePress of Atlantic City
- Lenovo Gets a Slap on the Wrist for Superfish Adware ScandalBleepingComputer
- The Briefcase: Wake Forest medical school has record enrollment in Class of 2021Winston-Salem Journal
- Lenovo Reaches $3.5 Mln Settlement With FTC Over Superfish AdwareMarkets Insider
- FTC settles with Lenovo over a built-in snooping software, $3.5 million fineUSA TODAY
- Lenovo fined $3.5 million for putting user's security at stakeGizbot