Lenovo faces lawsuit over spyware

BY DIRK PERREFORT
Hearst Connecticut Media

A California law firm has filed a proposed class-action lawsuit against the computer manufacturer Lenovo for the recent Superfish spyware fiasco.

Lenovo, a China-based company with offices in Danbury and North Carolina, has come under fire in recent weeks for installing the Superfish software in Windows-based laptops sold by the company from September through January.

The lawsuit, filed in federal court by San Jose-based Pritzker Levine, claims the installation of the software was hidden from the public and put consumers’ security at risk. When operational, the suit claims, the program could allow Lenovo, Superfish or anyone else on the user’s wireless network to collect information including passwords, bank account data and other personal information stored on the computer.

Lenovo, a Chinese computer manufacturer that has recently come under fire, leased more than 10,000 square feet of office space last year in the Lee Farm Corporate Park. Photo by Tyler Sizemore
Lenovo, a Chinese computer manufacturer that has recently come under fire, leased more than 10,000 square feet of office space last year in the Lee Farm Corporate Park. Photo by Tyler Sizemore

Attorney Jonathan Levine, a founding partner in Pritzker Levine, said at least 19 lawsuits have already been filed against the company surrounding two main claims, that the software was installed without consumer consent and that the program compromised their security.

Levine added that while Lenovo recently admitted that the program creates a high security risk, the company has done little to remediate the situation other than to offer instructions on its website for removing the program. Some experts, however, say reinstalling the operating system may be the best solution.

“Lenovo is basically putting the burden on the consumer to discover the program and remedy it as opposed to them reaching out to the consumer, fixing the problem and offering some kind of compensation,” Levine said. “They are assuming that everyone has heard about this and a lot of people haven’t.”

State Attorney General George Jepsen also opened an investigation into Lenovo’s actions earlier this month, noting that the Superfish software was originally designed to track users’ Web browsing activity in order to place additional advertising on the sites they visited.

“It’s extremely concerning that, based on published reports, Lenovo installed this software ”“ which appears to have no meaningful benefit to the consumer ”“ on devices without the purchaser’s knowledge,” Jepsen said in a statement released March 2. “It is bad enough that the company sold consumers computers preloaded with software designed to track their browsing without alerting them. Even more alarming is that the software reportedly has a significant security vulnerability, putting computer users at risk of hacking.”

Jepsen said he reached out to Lenovo and Superfish to provide more information to determine whether any state laws were broken.

According to the U.S. Department of Homeland Security, Lenovo personal computers employing the preinstalled software contain a critical vulnerability through a compromised root certificate. Exploitation of that vulnerability could allow a hacker to read all encrypted Web browser traffic, impersonate any website or perform other attacks on the affected user’s computer.

Lenovo has since indicated that it stopped preloading the software. Officials with Lenovo did not return phone calls seeking comment about the lawsuit.

Hearst Connecticut Media includes four daily newspapers: Connecticut Post, Greenwich Time, The Advocate (Stamford) and The News Times (Danbury). See newstimes.com for more from this reporter.