Lenovo has issued a public apology, admitting it “messed up badly” by selling laptops with controversial tracking software called Superfish pre-installed, reports Yahoo. (Note that ESET anti-malware products will detect Superfish.)
Superfish is software that can monitor online activity in order to suggest advertisements. The software can break the encryption between web browsers and seemingly secure websites, potentially exposing sensitive data, passwords and financial details.
“We messed up badly here,” says Peter Hortensius, Lenovo’s chief technology officer. “We made a mistake. Our guys missed it. We’re not trying to hide from the issue – we’re owning it.”
According to Bloomberg, Superfish uses image-recognition technology to spy on where users point their cursor, recommending ads based on the images they look at. The software is also able to intercept the communication between browsers and websites, essentially swapping its own security key for the encryption certificates on trusted websites.
Lenovo said it has stopped pre-installing Superfish on new laptops, and listed all the models that could be affected in a company statement. It has also provided detailed information on how users can remove the software.
“We thought the product would enhance the shopping experience, as intended by Superfish. It did not meet our expectations or those of our customers. In reality, we had customer complaints about the software,” the company said.
Superfish was never installed on any Lenovo desktops, smartphones or ThinkPad Notebooks, but laptops already in circulation could still be at risk until the software is removed.
According to ESET security researcher Stephen Cobb, some of the Superfish detection websites that have popped up are returning false positives, telling people their computer has a problem when in fact it does not. Says Cobb, “False reports of Superfish may cause a lot of unnecessary costs to IT support departments at companies whose systems are immune to this unwanted application.”
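Because the web-based detection pages can misreport, a local check of the Windows certificate stores is more reliable: the interception described above only works if the Superfish root certificate is trusted by the machine. The script below is an added example, not part of the original article or any ESET or Lenovo tool; it assumes a standard Windows PowerShell session and matches on the certificate subject containing “Superfish”.

```powershell
# Added example: look for a trusted root certificate whose subject names Superfish.
# A hit means the machine would accept certificates the Superfish key has re-signed,
# which is what lets it intercept HTTPS traffic. Uninstalling the application alone
# does not remove this certificate, so check the stores directly.
function Test-SuperfishRoot {
    $stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    $hits = foreach ($store in $stores) {
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Where-Object { $_.Subject -like '*Superfish*' } |
            ForEach-Object {
                [pscustomobject]@{
                    Store      = $store
                    Subject    = $_.Subject
                    Thumbprint = $_.Thumbprint   # record for the removal ticket
                    NotAfter   = $_.NotAfter
                }
            }
    }
    return $hits
}

$found = Test-SuperfishRoot
if ($found) {
    Write-Output 'Superfish root certificate is trusted on this machine:'
    $found | Format-Table -AutoSize
} else {
    Write-Output 'No Superfish root certificate found in the machine or user Root stores.'
}
```

Run it from an elevated session so the LocalMachine store is readable; a machine with no hit is not affected regardless of what an online detection page reports.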