Lenovo Class Action Lawsuits Filed Over Pre-Installed “Superfish” Adware
The computer manufacturer Lenovo faces a growing number of class action lawsuits over software that came pre-installed on some of its laptops, which allegedly provides the devices with an easy opening for hackers.
According to a motion to consolidate (PDF) filed this week with the U.S. Judicial Panel on Multidistrict Litigation (JPML), at least three Lenovo class action lawsuits have been brought throughout the federal court system, and additional complaints are expected.
All of the complaints involve similar allegations, indicating that some Lenovo laptops were sold with harmful adware software, known as Superfish Visual Discovery.
Did You Know?
Millions of Philips CPAP Machines Recalled
Philips DreamStation, CPAP and BiPAP machines sold in recent years may pose a risk of cancer, lung damage and other injuries.Learn More
The request seeks to transfer all Lenovo Superfish lawsuits filed in U.S. District Courts throughout the country to one judge for coordinated pre-trial proceedings, as part of a multi-district litigation (MDL).
Given the similar allegations raised the cases, as well as future complaints that are expected, plaintiffs indicate that centralization would reduce duplicative discovery into common issues, avoid conflicting rulings from different judges and serve the convenience of the parties, witnesses and the courts.
The Lenovo Superfish software, which many are calling spyware, tracks web searches made by users and places ads on the sites they visit tailored to their habits. While it is designed to make advertising more effective, Superfish also adds a “root certificate” that can be exploited by hackers, critics say.
The problem is that the program essentially hijacks the connection between users and websites and opens up what should be encrypted connections. It does this by creating fake security certificates for trusted websites to fool the computer into allowing the program to alter what actually appears on the screen.
These connections allow hackers an easy access point to the computer, which could lead to viruses that damage user data and computers, and an increased risk of identity theft and other problems, according to cybersecurity experts condemning the Superfish software.
“The way the Superfish functionality appears to work means that they must be intercepting traffic in order to insert the ads,” Eric rand, a researcher at Brown Hat Security, is quoted as saying in one complaint (PDF) filed last week. “This amounts to a wiretap.”
Lenovo indicates that it has stopped installing the software on its devices and has apologized to its customers, admitting that Superfish was a mistake.
“We acted swiftly and decisively once these concerns began to be raised,” the company said in a statement. “We apologize for causing any concern to any users for any reason – and we are always trying to learn from experience and improve what we do and how we do it.”
The company said it stopped installing the software in January 2015, has provided information on superfish and details on how to safely uninstall the program, and provided a list of affected laptops and notebooks.
"*" indicates required fields
More Top Stories
A new report indicates the U.S. Navy is struggling to process tens of thousands of Camp Lejeune water poisoning claims due to a lack of resources.
A group of plaintiffs have filed a motion with the U.S. JPML seeking consolidation of all Bard implanted port lawsuits before one judge for pretrial proceedings.
A Tepezza hearing loss lawsuit accuses the manufacturer of failing to provide adequate warning about the risks of the thyroid eye disease drug.