Lenovo finally admits its sleazy adware ploy put its own customers at risk of being hacked

Published Feb 20th, 2015 4:50PM EST
BGR

After news broke this week that Lenovo was putting dangerous adware on its computers, the company responded by removing the offending software from new machines and disabling it on the computers that had already shipped with it. The company also insisted that the adware posed no security risks to any of its customers, a statement that was met with incredulity by security experts. However, the company has now admitted that installing Superfish onto its computers opened up big security holes that it’s now scrambling to fix.

In an interview with Re/code, Lenovo CTO Peter Hortensius admitted that Lenovo should have known that Superfish left users vulnerable to man-in-the-middle attacks in which hackers could steal sensitive information such as online banking credentials.

“We should have known that going in that that was the case,” Hortensius said. “We just flat-out missed it on this one, and did not appreciate the problem it was going to create… we are taking our beating like we deserve on this issue.”

Hortensius also said that Lenovo is not “curled up in a ball” and is actively looking for ways to make things right with its customers. That said, the damage to Lenovo’s reputation has already been done and it’s very hard to see any amount of groveling undoing it.

Just the fact that Hortensius says he and his team didn’t anticipate these issues coming up is bad in and of itself, since Superfish was written specifically to create a self-generated root certificate that can install itself in both Windows and assorted web browsers to hijack HTTPS traffic. If they didn’t see something like this causing problems, what else are they overlooking?

Brad Reed