Lenovo Group Ltd had sold laptops with pre-installed software exposing its devices to hacker attacks and unauthorized monitoring.
In September the largest personal computer manufacturer started distributing its devices with a software called SuperFish marketed as a free search tool. However, soon after the first devices were delivered, complaints started raining on Lenovo.
Consumers accused the software of adding unwanted advertisements on their browsers and gathering their web history. As a result the program was quickly re-classified as “adware”.
Additionally, its was discovered that the software had a major security flaw potentially enabling unauthorized access to encrypted information, web passwords and browsing history.
Lenovo apologized for its mistake and said it would take every action needed to remove the malicious software from its customers laptops. The company also said that the program was never pre-installed on any ThinkPad notebooks, desktops or smartphones.
“We thought the product would enhance the shopping experience, as intended by Superfish. It did not meet our expectations or those of our customers,” Lenovo said in a statement, which also included a list of all devices that might be affected by the program.
The company said that customers had the option to choose whether to use the software or not. The product was aimed at helping people shop online via web searches based on an image.
Lenovo said it had stopped pre-installing the software in January and had shut down the server connections that enable the program. Additionally, the company pledged to work with its consumers to remove the “adware” as quickly as possible.
The company has uploaded several guides on how to remove the software on its website and said it was working with the developer of SuperFish and industry partners to address any possible security issues now and in the future.
The company did not disclose how many devices have been affected by the software, but said it didnt find any evidence for “ security concerns” during its thorough investigation. However, Lenovo said it would not pre-install the product in the future.
“We agree that this was not something we want to have on the system, and we realized we needed to do more,” Lenovo Chief Technology Officer Peter Hortensius said.