Last week, a Lenovo customer filed a
class-action lawsuit against the Chinese technology manufacturing company and its Superfish adware, charging both with having invaded customers’ privacy and made money off of analyzing their web browsing habits.
In her lawsuit, plaintiff Jessica N. Bennet of California states that she traced a number of spam advertisements posted on a client’s website to the Superfish adware installed on her Yoga 2 laptop, which she used to write a blog post for that client.
The court documents also assert that Bennet’s computer slowed as a result of
Superfish using up Internet bandwidth and internal memory resources.
Lenovo has yet to comment on the lawsuit.
Late last week,
news first broke about the Superfish malware, which uses man in the middle attacks (MitM) to break web security protocols and inject third-party advertisements into users’ web browsers without their permission.
Besides violating customers’ privacy, as Bennet and others allege, Superfish potentially allows hackers to compromise a customer’s sensitive information because none of the data they enter online is actually being protected.
“We trust our hardware manufacturers to build products that are secure,” commented hacker Marc Rogers in a
blog post about the adware. “In this current climate of rising cybercrime, if you can’t trust your hardware manufacturer, you are in a very difficult position.”
At first, Lenovo attempted to defuse the situation by claiming that Superfish had been disabled and posed no real threat. This drew the
ire of multiple voices in the software developer community, which ultimately led the manufacturing company to
issue a tool that automatically removes Superfish from affected computers.
Lenovo’s tool comes several days after Windows Defender and McAfee first released
a set of updates that allow users to remove the adware.
But the Superfish cleanup might not be as simple as using a single tool. Over the weekend, security researchers discovered that the
malware uses a software development kit (SDK) produced by Komodia for its HTTPS interception functionality. This SDK has been integrated into other software programs, which all intercept traffic in the same way as Superfish.
The CERT Coordination Center (CERT/CC) has issued an
advisory about the Komodia SDK issue as customers await an official response from Komodia, whose site is currently offline due to the high traffic it is receiving from worried customers and media outlets.
With word from Komodia pending, any customers who fear they may be affected by the Superfish adware or Komdia’s SDK can refer to this resource
here in the meantime.