Click to Skip Ad
Closing in...
  1. Amazon Deals
    07:58 Deals

    10 deals you don’t want to miss on Saturday: $5 Alexa smart plugs, $110 electric sta…

  2. Amazon Gift Card Promotion
    14:41 Deals

    Amazon’s giving away $15 credits, but this is your last chance to get one

  3. Control Garage Door With iPhone
    08:10 Deals

    Unreal deal gets you Amazon’s hottest smart home gadget for $23 – plus a $40 c…

  4. Self-Emptying Robot Vacuum
    16:11 Deals

    Amazon coupon slashes our favorite self-emptying robot vacuum to its lowest price ever

  5. Amazon Echo Auto Price
    11:41 Deals

    Last chance to add hands-free Alexa to your car for $19.99 with this Amazon deal

Lenovo finally admits its sleazy adware ploy put its own customers at risk of being hacked

February 20th, 2015 at 4:50 PM
Lenovo PC Adware Scandal Response

After news broke this week that Lenovo was putting dangerous adware on its computers, the company responded by removing the offending software from new machines and disabling it on the computers it had already shipped with. The company also insisted that the adware posed no security risks to any of its customers, a statement that was met with incredulity by security experts. However, the company has now admitted that installing Superfish onto its computers opened up big security holes that it’s now scrambling to fix.

BACKGROUND: How Lenovo single-handedly lit its reputation on fire this week

In an interview with Re/code, Lenovo CTO Peter Hortensius admitted that Lenovo should have known that Superfish left users vulnerable to man-in-the-middle attacks in which hackers could steal sensitive information such as online banking credentials.

“We should have known that going in that that was the case,” Hortensius said. “We just flat-out missed it on this one, and did not appreciate the problem it was going to create… we are taking our beating like we deserve on this issue.”

Hortensius also said that Lenovo is not “curled up in a ball” and is actively looking for ways to make things right with its customers. That said, the damage to Lenovo’s reputation has already been done and it’s very hard to see any amount of groveling undoing it.

Just the fact that Hortensius says he and his team didn’t anticipate these issues coming up is bad in and of itself, since Superfish was written specifically to create a self-generated root certificate that can install itself in both Windows and assorted web browsers to hijack HTTPS traffic. If they didn’t see something like this causing problems, what else are they overlooking?

Popular News