Updated on December 10, 2021
Computer manufacturer Lenovo’s been caught doing what’s definitely a very bad thing. While all Windows laptop makers install junk software on their computers (to boost profit margins), Lenovo’s gone one “better.” Between September 2014 and January 2015, Lenovo installed on its laptops its own HTTPS certificate that replaces the standard encryption normally used by browsers, as a means of generating ads via preinstalled software called Superfish (not to be confused with Snapfish, an online photo service).
Unfortunately for Lenovo, what was already a bad idea became worse recently, when the certificate’s security was broken. This means that anyone with the right software/knowledge can execute what’s known as a “man-in-the-middle attack” on these users.
There’s more details about this, including instructions on how to remove Superfish and the certificate, in this article on The Verge.
Quite an appalling tactic on Lenovo’s part to put their users’ security at risk just to make a few extra dollars. While it won’t ruin their business, it’ll likely make plenty of computer savvy users think twice before buying anything from Lenovo in the near future.
