Lenovo's Superfish debacle was not like Samsung's exploding devices. While Samsung phones are known for its explosions in the past, Lenovo's Superfish broke the whole Internet. The Superfish software, which was preinstalled on laptops between 2014 and 2015, made every website unsecure.This compromised the users' privacy and their exposure to cyber security exploits. 32 states, together with the United States Federal Trade Commission (FTC) filed a case against Lenovo for the software Security Breach two and a half years ago.
Lenovo's Superfish disaster
If you own a Lenovo laptop which was produced on 2014-2015, you might remember a bloatware called "VisualDiscovery." VisualDiscovery was made by app developer Superfish. By just purchasing a Lenovo laptop, you have given your consent for the VisualDiscovery app to work on your device. The app used to send ads on every website you visited.
But if you thought that these annoying ads are the only problem the app made, grit your teeth because there's more. As a middleman for your computer and advertisements, Superfish used to issue a self-signed certificate of authenticity. Because of this, HTTPS connections are not secured and can be exploited when someone tries to exploit Superfish.
And not only that, Superfish only used one certificate key on every system. It will only take one clever hacker to figure out the key. After that, he will have control over 750,000 units sold because of the security breach. To add insult to the injury, Lenovo knows about this security hole. But all Lenovo did was to ask for Superfish to remove the feature but they never checked again if the company did.
Lenovo's penalty
Lenovo will only need to pay $3.5 million, and it is not for the damages that were made because of the Superfish software. The fine is for Lenovo violating its users' consent by installing software that gathers data from its users. There was no available estimate on how much damage the software has caused, but because of its nature (Superfish software can tap into banking and shopping transactions), $3.5 million is a small amount to pay.
Meanwhile, Lenovo stated that it "disagrees" with the penalty even though it is considered as "tiny" by others. ExtremeTech reported that Lenovo does not agree with the allegations contained in the complaints, but they are happy that finally, the case is over. Some people wouldn't still trust Lenovo's laptops and recommends not to buy one.
