According to posts by users on Lenovo's forum, adware called Superfish has been caught hijacking browsers to inject third-party ads on Google searches and websites without permission.
It apparently does so using self-signed certificates to fool browsers into displaying the ads. One forum user claimed that the program had intercepted a web connection to their bank, potentially allowing Superfish to collect data without question.
Another, who pledged to return his lurgy-ridden laptop after discovering the adware, described it as, "A blatant man-in-the-middle attack breaking any privacy laws."
Scaling back
In response to the growing number of posts from disgruntled users, Lenovo administrator Mark Hopkins posted in a separate thread to confirm that Lenovo has removed Superfish from its consumer laptops. The company has also requested that the developer issue a patch to plug the security snafu.
He wrote: "Due to some issues (browser pop up behavior for example), with the Superfish Visual Discovery browser add-on, we have temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues.
"As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues."
It's unknown how many Lenovo laptops containing the software are still on the market. TechRadar has contacted Lenovo and Superfish for comment.
from TechRadar